Month: June 2021

Wegmans Food Markets, the upscale grocery store that operates in the mid-Atlantic and Northeastern US, notified its customers in an e-mail this past week that some of their personal information was exposed due to a security data breach.

Wegmans operates 106 stores in New York, Pennsylvania, New Jersey, Virginia, Maryland, Massachusetts, and North Carolina. The store chain was founded in 1916, and is one of the largest private companies in the US, having over 50,000 employees.

Wegman said that two of its cloud databases used to keep internal customer data were “inadvertently left open to potential outside access.” Customer information included names, addresses, phone numbers, birth dates, Shoppers Club numbers, e-mails, and passwords for accessing Wegman.com accounts. The passwords were “hashed” and “salted”, meaning that the actual password characters were not contained in the databases. Social security numbers and banking data were not exposed, company officials said.

The configuration issue began in 2018, although Wegmans said that it didn’t find out about the breach until it was brought to its attention by a third-party security researcher on or about April 19, 2021.

Wegman corrected the issue, and is now recommending to its customers to update their Wegman.com accounrd password, as well as any other account that uses the same password.

Read more about it here.

McDonald’s, the largest fast food restaurant chain by revenue in the world, has disclosed a data breach that impacted customers and employees in the US, South Korea, and Taiwan.

In the US, the hackers compromised the system of the company and stole business contact information belonging to US employees and franchises. The hackers also stole personal information from customers in South Korea and Taiwan, including names, emails, phone numbers, and delivery addresses. McDonald’s stated that only a small number of customers was impacted, and their financial data was not exposed. Customer payment information wasn’t compromised in this data breach.

Read more about it here.

Volkswagen and Audi have suffered a data breach affecting 3.3 million customers, after a vendor exposed unsecured data on the Internet.

Volkswagen Group of America, Inc. (VWoA) is responsible for five marques: Audi, Bentley, Bugatti, Lamborghini, and Volkswagen cars. It also controls VW Credit, Inc. (VCI), Volkswagen’s financial services and credit operations

According to data breach notifications it filed, VWGoA disclosed that a vendor left unsecured data exposed on the Internet between August 2019 and May 2021.

The data included some or all of the following contact information: first and last name, personal or business mailing address, email address, or phone number. In some cases, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages.

“For approximately 90,000 Audi customers or interested buyers, the data also includes more sensitive information relating to eligibility for a purchase, loan, or lease. Nearly all of the more sensitive data (over 95%) consists of driver’s license numbers. A very small number of records include data such as dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers.” continues the letter.

For those customers 90,000 customers who had more sensitive information exposed, Volkswagen is offering free credit monitoring services.

Read more about it here.