Kroger reveals data breach caused by third-party company

CINCINNATI — Kroger announced Friday that a third-party software company it uses for data services suffered a data breach last month.

>> Read more trending news

According to a news release, the Cincinnati-based grocery chain was notified of the breach on Jan. 23. The company said the breach affected Accellion Inc., a business Kroger used for secure third-party file transfers.

Kroger said it was notified by Accellion, Inc. that an unauthorized person had gained access to certain Kroger files by exploiting a vulnerability in Accellion’s file-transfer service, the news release stated.

The incident was isolated to Accellion’s services and did not affect Kroger’s information technology department’s systems or any grocery store systems or data, according to the news release.

No credit or debit card information or customer account passwords were affected by this incident, the company said.

Kroger officials said they discontinued the company’s affiliation with Accellion after the breach was reported.

“At this time, based on the information provided by Accellion and its own investigation, Kroger believes that less than 1% of its customers, specifically customers of Kroger Health and Money Services, have been impacted. In addition, current and certain former associates will be notified that certain HR records have been impacted,” Kroger said in its news release. “Protecting data is a priority for the Kroger Family of Companies and it is directly contacting all customers and associates who may have been affected to inform them of the incident.

“While Kroger has no indication of fraud or misuse of personal information as a result of this incident, out of an abundance of caution Kroger has arranged to offer credit monitoring to all affected individuals at no cost to them.”