Security News > 2021 > February > Kroger data breach highlights urgent need to replace legacy, end-of-life tools

Kroger became the latest major company to announce a data breach, acknowledging in a statement that information from some current and former employees as well as customers of Kroger Health and Money Services were impacted by an attack on a third-party file transfer tool from Accellion.

The company said it is in the process of contacting victims but confirmed that none of its IT systems or any grocery store systems or data were affected by the breach.

Oliver Tavakoli, CTO at Vectra, said the attack should serve as a reminder that security teams need to be keenly aware of the third-party tools they use, particularly with sensitive data, and to aggressively patch them.

Rehan Jalil, CEO of Securiti, said enterprises rely on their vendor's resources, expertise and skills to protect data but without a standard security framework, attackers target low-hanging fruits such as outdated, legacy or vulnerable software to find sensitive data.

Jalil called on organizations to closely monitor and govern sensitive data they are responsible for while also creating data breach management plans and data maps of all data processing activities.

"Ultimately, the continued loss of information, entrusted to organizations, will cause reputational damage to companies and the trust they hope to earn. Organizations have to start owning the security of their data whether it is with them or with another partner. They need to ensure that their data can be kept safe even if a third party is compromised."

News URL

https://www.techrepublic.com/article/kroger-data-breach-highlights-urgent-need-to-replace-legacy-end-of-life-tools/#ftag=RSS56d97e7