Security News > 2021 > June > US supermarket chain Wegmans notifies customers of data breach

Wegmans Food Markets notified customers that some of their information was exposed after the company became aware that two of its databases were publicly accessible on the Internet because of a configuration issue.

Wegmans is a 106-store major regional supermarket chain with stores in the mid-Atlantic and Northeastern regions.

"We recently became aware that, due to a previously undiscovered configuration issue, two of our cloud databases, which are used for business purposes and are meant to be kept internal to Wegmans, were inadvertently left open to potential outside access," the supermarket chain said in a press release.

After the data breach was discovered, Wegmans hired a leading forensics firm to investigate the incident and correct the database misconfiguration.

In late March, the supermarket chain also notified customers of credential stuffing attacks using credentials stolen from other online services and affecting more than 2,7000 accounts in January.

After discovering the incident in mid-February, Wegmans found that the attackers could gain access to names, phone numbers, addresses, dates of birth, and Wegmans Shoppers Club Numbers associated with the compromised Wegmans.com accounts.

News URL

https://www.bleepingcomputer.com/news/security/us-supermarket-chain-wegmans-notifies-customers-of-data-breach/