‘Wegmans’ Warns Customers of a Data Breach due to Cloud Storage Misconfiguration

Written by Bill Toulas
Last updated May 18, 2024

‘Wegmans’ has announced a data breach incident due to a cloud storage misconfiguration that has irreversibly exposed the sensitive data of a large number of its customers. The notice warns the exposed individuals of the fact and informs them that the data leak started on April 19, 2021. The company is still investigating the incident and is working with a forensics firm to secure its systems from similar occurrences in the future.

The details that have been potentially exposed to unauthorized individuals are the following:

The company specifically rules out the impact of social security number exposure, payment card, or banking information. As it boldly underlines, they don’t collect this type of data in the first place. One more clarification that is given is that the passwords were hashed and salted, so there’s some encryption involved; however, no details about which algorithm was used for this purpose were given. As such, if you have an account on Wegmans or if you use the same credentials elsewhere, we would suggest that you reset your password immediately.

Wegmans is a large American supermarket chain that operates 106 stores in seven states, with almost half of them being in New York. The company hasn’t given an exact number, but it will count millions of regular buyers if this affects the entire customer base. That is especially the case after the pandemic year, which pushed people to shop online and have their orders delivered. Wegmans talks about two databases, so this may or may not concern a limited set.

Kevin Dunne, President at Pathlock, has shared the following comment with TechNadu:

The Wegmans breach highlights a recurring trend we are seeing: enterprises are storing more customer information than ever in their business applications. CISOs and Data Privacy officers need to work with the business to understand what critical customer information is being stored where. Unprotected data silos undermine the work that security and data teams do to maintain strict controls over the core internal systems. When these business systems aren't properly overseen, they can introduce a new risk loophole that risks compliance with data privacy regulations like GDPR and CCPA.

If you are a customer of Wegmans, just reset your password on the platform and pick something strong and unique. If you are worried and need more information on how to stay protected from the arising risks, call the firm’s line at 1-855-535-1851. In the meantime, watch out for scamming and phishing attempts via email, SMS, or even post mail.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: