Wegmans reports possible breach of customer data
Wegmans Food Markets has reported a data breach that may have exposed such customer information as names, home and email addresses, phone numbers, birth dates, Shoppers Club numbers and passwords for access to Wegmans.com accounts.
The company stated that “a previously undiscovered configuration issue” led to two of its internal cloud databases being inadvertently left open to potential outside access.
All affected Wegmans.com account passwords were “hashed” and “salted,” Wegmans said on its website, “meaning that the actual password characters were not contained in the databases.”
However, “as a conservative measure, you can change the password to your Wegmans.com account, as well as for any other account for which you use the same password,” stated the grocery store chain, which has more than 100 locations across seven states.
Social security numbers were not revealed in the mishap because Wegmans does not collect them, nor was payment card or banking information disclosed, it said.
The issue was brought to the company's attention by a third-party security researcher, and Wegmans confirmed it around April 19.
"We have since corrected configurations and secured all affected information," Wegmans said. "We have also taken steps to avoid the occurrence of similar issues in the future."
Customers with further questions should call 855-535-1851.
Reporter Marcia Greenwood covers general assignments. Send story tips to firstname.lastname@example.org. Follow her on Twitter @MarciaGreenwood.