Wegmans Food Markets, the upscale grocery store that operates in the mid-Atlantic and Northeastern US, notified its customers in an e-mail this past week that some of their personal information was exposed due to a security data breach.
Wegmans operates 106 stores in New York, Pennsylvania, New Jersey, Virginia, Maryland, Massachusetts, and North Carolina. The store chain was founded in 1916, and is one of the largest private companies in the US, having over 50,000 employees.
Wegman said that two of its cloud databases used to keep internal customer data were “inadvertently left open to potential outside access.” Customer information included names, addresses, phone numbers, birth dates, Shoppers Club numbers, e-mails, and passwords for accessing Wegman.com accounts. The passwords were “hashed” and “salted”, meaning that the actual password characters were not contained in the databases. Social security numbers and banking data were not exposed, company officials said.
The configuration issue began in 2018, although Wegmans said that it didn’t find out about the breach until it was brought to its attention by a third-party security researcher on or about April 19, 2021.
Wegman corrected the issue, and is now recommending to its customers to update their Wegman.com accounrd password, as well as any other account that uses the same password.
Read more about it here.