retail news in context, analysis with attitude

Wegmans has announced that it "recently became aware that, due to a previously undiscovered configuration issue, two of our cloud databases, which are used for business purposes and are meant to be kept internal to Wegmans, were inadvertently left open to potential outside access.

"Certain customer information … was contained in these databases. This issue was first brought to our attention by a third-party security researcher and we then confirmed the configuration problem, beginning on or about April 19, 2021. We then worked diligently with a leading forensics firm to investigate and determine the incident’s scope, identify the information in the two databases, ensure the integrity and security of our systems, and correct the issue."

According to the company, "The types of impacted customer information included: names, addresses, phone numbers, birth dates, Shoppers Club numbers, as well as e-mail addresses and passwords for access to Wegmans.com accounts. However, all impacted Wegmans.com account passwords were, in technical terms, 'hashed' and 'salted,' meaning that the actual password characters were not contained in the databases.  Social security numbers were not impacted (Wegmans does not collect this information from its customers) nor was any payment card or banking information involved."