‘Wegmans’ Warns Customers of a Data Breach due to Cloud Storage Misconfiguration

  • A supermarket chain in the U.S. has announced the event of a cloud storage misconfiguration.
  • This may have exposed some sensitive details of the chain's customers, including names, email addresses, and phone numbers.
  • The circulated notice informs the clients that the leak started a few months back.

‘Wegmans’ has announced a data breach incident due to a cloud storage misconfiguration that has irreversibly exposed the sensitive data of a large number of its customers. The notice warns the exposed individuals of the fact and informs them that the data leak started on April 19, 2021. The company is still investigating the incident and is working with a forensics firm to secure its systems from similar occurrences in the future.

The details that have been potentially exposed to unauthorized individuals are the following:

  • Full names
  • Physical addresses
  • Phone numbers
  • Birth dates
  • Shoppers Club numbers
  • E-mail addresses and passwords for Wegmans.com accounts

The company specifically rules out the impact of social security number exposure, payment card, or banking information. As it boldly underlines, they don’t collect this type of data in the first place. One more clarification that is given is that the passwords were hashed and salted, so there’s some encryption involved; however, no details about which algorithm was used for this purpose were given. As such, if you have an account on Wegmans or if you use the same credentials elsewhere, we would suggest that you reset your password immediately.

Wegmans is a large American supermarket chain that operates 106 stores in seven states, with almost half of them being in New York. The company hasn’t given an exact number, but it will count millions of regular buyers if this affects the entire customer base. That is especially the case after the pandemic year, which pushed people to shop online and have their orders delivered. Wegmans talks about two databases, so this may or may not concern a limited set.

Kevin Dunne, President at Pathlock, has shared the following comment with TechNadu:

The Wegmans breach highlights a recurring trend we are seeing: enterprises are storing more customer information than ever in their business applications. CISOs and Data Privacy officers need to work with the business to understand what critical customer information is being stored where. Unprotected data silos undermine the work that security and data teams do to maintain strict controls over the core internal systems. When these business systems aren't properly overseen, they can introduce a new risk loophole that risks compliance with data privacy regulations like GDPR and CCPA.

If you are a customer of Wegmans, just reset your password on the platform and pick something strong and unique. If you are worried and need more information on how to stay protected from the arising risks, call the firm’s line at 1-855-535-1851. In the meantime, watch out for scamming and phishing attempts via email, SMS, or even post mail.

How to Watch Christmas on Cherry Lane Online from Anywhere
Christmas on Cherry Lane depicts three families and their holiday traditions. This holiday film will premiere on the Hallmark Channel in the...
How to Watch EPCR Challenge Cup 2023/24 Online from Anywhere 
Rugby fans are looking forward to the start of the EPCR Challenge Cup 2023, which will pit 18 of the top club...
How to Watch Merry Little Batman Online Free from Anywhere
The beginning of the holiday season heralds the release of a new superhero Christmas special, Merry Little Batman, which takes us to...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari