Security News > 2021 > February > Kroger data breach highlights urgent need to replace legacy, end-of-life tools
Kroger became the latest major company to announce a data breach, acknowledging in a statement that information from some current and former employees as well as customers of Kroger Health and Money Services were impacted by an attack on a third-party file transfer tool from Accellion.
The company said it is in the process of contacting victims but confirmed that none of its IT systems or any grocery store systems or data were affected by the breach.
Oliver Tavakoli, CTO at Vectra, said the attack should serve as a reminder that security teams need to be keenly aware of the third-party tools they use, particularly with sensitive data, and to aggressively patch them.
Rehan Jalil, CEO of Securiti, said enterprises rely on their vendor's resources, expertise and skills to protect data but without a standard security framework, attackers target low-hanging fruits such as outdated, legacy or vulnerable software to find sensitive data.
Jalil called on organizations to closely monitor and govern sensitive data they are responsible for while also creating data breach management plans and data maps of all data processing activities.
"Ultimately, the continued loss of information, entrusted to organizations, will cause reputational damage to companies and the trust they hope to earn. Organizations have to start owning the security of their data whether it is with them or with another partner. They need to ensure that their data can be kept safe even if a third party is compromised."
News URL
Related news
- CSC ServiceWorks discloses data breach after 2023 cyberattack (source)
- How to Prevent Your First AI Data Breach (source)
- Toyota confirms third-party data breach impacting customers (source)
- National Public Data Breach: Only 134 Million Unique Emails Leaked and Company Acknowledges Incident (source)
- CannonDesign confirms Avos Locker ransomware data breach (source)
- Patelco notifies 726,000 customers of ransomware data breach (source)
- Nearly 1/3 of Companies Suffered a SaaS Data Breach in Last Year (source)
- Park’N Fly notifies 1 million customers of data breach (source)
- GDPR Data Breach Notification Letter (Free Download) (source)
- Business services giant CBIZ discloses customer data breach (source)