{
	"id": "6fe8a34e-c78b-40ce-8b5a-782e8cfc6b9e",
	"created_at": "2026-04-06T00:07:14.47577Z",
	"updated_at": "2026-04-10T13:12:54.615049Z",
	"deleted_at": null,
	"sha1_hash": "4133981c17ff67a671bad85a4fe700516f3b0d66",
	"title": "Kroger data breach exposes pharmacy and employee data",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2637698,
	"plain_text": "Kroger data breach exposes pharmacy and employee data\r\nBy Lawrence Abrams\r\nPublished: 2021-02-20 · Archived: 2026-04-05 16:32:36 UTC\r\nSupermarket giant Kroger has suffered a data breach after a service used to transfer files securely was hacked, and threat\r\nactors stole files.\r\nKroger is one of the largest retailers in the world, with almost 2,800 stores in 35 states. Kroger employs approximately\r\n500,000 people and had over $122 billion in sales for 2019.\r\nYesterday, Kroger disclosed that they were the latest company to be affected by a security vulnerability in the Accellion FTA\r\nsoftware that allowed hackers to steal data from companies utilizing the service.\r\nhttps://www.bleepingcomputer.com/news/security/kroger-data-breach-exposes-pharmacy-and-employee-data/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/kroger-data-breach-exposes-pharmacy-and-employee-data/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nAccording to a data breach advisory published yesterday, Kroger was informed by Accellion of their breach on January\r\n23rd, 2021, and immediately discontinued the service's use.\r\nAs part of their investigation into the attack, Kroger has determined that no grocery store data, including payment\r\ninformation, was impacted by the breach. However, the breach did expose human resources data and pharmacy records.\r\n\"At this time, based on the information provided by Accellion and our own investigation, Kroger believes the categories of\r\naffected data may include certain associates’ HR data, certain pharmacy records, and certain money services records.\"\r\n\"Importantly, there was no impact to grocery store data or systems; credit or debit card information; or customer account\r\npasswords,\" Kroger explained in their data breach advisory.\r\nKroger states that they are in the process of contacting those affected via postal mail. For those affected, Kroger is offering a\r\nfree year of credit monitoring.\r\nAccellion attacks have a wide-reaching impact\r\nKroger is just one of what is becoming a long list of companies affected by the vulnerability in the Accellion FTA service\r\nthat hackers exploited over the past few months.\r\nIn mid-December, Accellion disclosed that they learned of an actively exploited zero-day vulnerability in their FTA secure\r\nfile-transfer service. Threat actors exploited this vulnerability to steal data from companies who utilized the service to\r\ncommunicate with customers and partners securely.\r\nAccellion released a patch on Christmas Day, but by the time companies received the update and applied it, threat actors had\r\nalready gained access to their data.\r\nSome of those affected by the Accellion breach have received ransom notes from threat actors demanding payment, or their\r\ndata would be publicly released.  \r\nAs Accellion FTA service is used by many companies, educational institutions, and government agencies, we will continue\r\nto see further data breach advisories released over time.\r\nPrevious Accellion-related data breaches include the Singtel, QIMR Berghofer Medical Research Institute, Reserve Bank of\r\nNew Zealand, the Australian Securities and Investments Commission (ASIC), and the Office of the Washington State\r\nAuditor (\"SAO\").\r\nhttps://www.bleepingcomputer.com/news/security/kroger-data-breach-exposes-pharmacy-and-employee-data/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/kroger-data-breach-exposes-pharmacy-and-employee-data/\r\nhttps://www.bleepingcomputer.com/news/security/kroger-data-breach-exposes-pharmacy-and-employee-data/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/kroger-data-breach-exposes-pharmacy-and-employee-data/"
	],
	"report_names": [
		"kroger-data-breach-exposes-pharmacy-and-employee-data"
	],
	"threat_actors": [],
	"ts_created_at": 1775434034,
	"ts_updated_at": 1775826774,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4133981c17ff67a671bad85a4fe700516f3b0d66.pdf",
		"text": "https://archive.orkl.eu/4133981c17ff67a671bad85a4fe700516f3b0d66.txt",
		"img": "https://archive.orkl.eu/4133981c17ff67a671bad85a4fe700516f3b0d66.jpg"
	}
}