What Happened?

Wegmans Food Markets has disclosed a data breach that may have exposed such customer information as names, home and email addresses, phone numbers, birth dates, Shoppers Club numbers and passwords for access to Wegmans.com accounts.

Wegmans is a grocery store chain, which has stores at more than 100 locations across seven states.

The issue was brought to the company’s notice by a third-party security researcher, and Wegmans confirmed it around April 19.

 

Cause of the Breach

The company stated that “a previously undiscovered configuration issue” led to two of its internal cloud databases being inadvertently left open to potential outside access.

According to Wegmans official statement, all affected Wegmans.com account passwords were “hashed” and “salted,” meaning that the actual password characters were not contained in the databases.

Social security numbers were not revealed in the mishap because Wegmans does not collect them, nor was payment card or banking information disclosed, it revealed.

 

 Impact

The data breach exposes highly sensitive data. Having such sensitive data in the public domain would make it incredibly easy to trick, defraud, and steal from the people exposed.

 

Recommendations:

 Wegmans has since then corrected the configurations and secured all the affected information. They have also taken steps to avoid the occurrence of similar issues in the future.

 

• As a conservative measure, the users can change the password to their com account, as well as for any other account for which they use the same password.

 

• Users, whose data was leaked due to this data breach, must take necessary actions as their data could be abused by attackers to take over user accounts and perform fraudulent transactions.

 

• Users should also be wary of targeted phishing emails that pretend to be from Wegmans and utilize the information disclosed in this data breach.