‘Wegmans’ Warns Customers of a Data Breach Due to Cloud Storage Misconfiguration

A supermarket chain in the U.S. has announced the event of a cloud storage misconfiguration.
This may have exposed some sensitive details of the chain's customers, including names, email addresses, and phone numbers.
The circulated notice informs the clients that the leak started a few months back.

‘Wegmans’ has announced a data breach incident due to a cloud storage misconfiguration that has irreversibly exposed the sensitive data of a large number of its customers. The notice warns the exposed individuals of the fact and informs them that the data leak started on April 19, 2021. The company is still investigating the incident and is working with a forensics firm to secure its systems from similar occurrences in the future.

The details that have been potentially exposed to unauthorized individuals are the following:

Full names
Physical addresses
Phone numbers
Birth dates
Shoppers Club numbers
E-mail addresses and passwords for Wegmans.com accounts

The company specifically rules out the impact of social security number exposure, payment card, or banking information. As it boldly underlines, they don’t collect this type of data in the first place. One more clarification that is given is that the passwords were hashed and salted, so there’s some encryption involved; however, no details about which algorithm was used for this purpose were given. As such, if you have an account on Wegmans or if you use the same credentials elsewhere, we would suggest that you reset your password immediately.

Wegmans is a large American supermarket chain that operates 106 stores in seven states, with almost half of them being in New York. The company hasn’t given an exact number, but it will count millions of regular buyers if this affects the entire customer base. That is especially the case after the pandemic year, which pushed people to shop online and have their orders delivered. Wegmans talks about two databases, so this may or may not concern a limited set.

Kevin Dunne, President at Pathlock, has shared the following comment with TechNadu:

The Wegmans breach highlights a recurring trend we are seeing: enterprises are storing more customer information than ever in their business applications. CISOs and Data Privacy officers need to work with the business to understand what critical customer information is being stored where. Unprotected data silos undermine the work that security and data teams do to maintain strict controls over the core internal systems. When these business systems aren't properly overseen, they can introduce a new risk loophole that risks compliance with data privacy regulations like GDPR and CCPA.

If you are a customer of Wegmans, just reset your password on the platform and pick something strong and unique. If you are worried and need more information on how to stay protected from the arising risks, call the firm’s line at 1-855-535-1851. In the meantime, watch out for scamming and phishing attempts via email, SMS, or even post mail.

‘Wegmans’ Warns Customers of a Data Breach due to Cloud Storage Misconfiguration