Unlimited Digital Access - Start Today for 50% Off - Offer Expires 4/30/24

Wegmans alerts customers: Your personal data may have been compromised

Wegmans, DeWitt

This file photo shows Wegmans grocery store at 6789 E Genesee St., DeWitt.Syracuse.com | The Post-Standard file photo

By

Wegmans is alerting customers that their personal data may have been compromised.

“We appreciate your business and the trust you place in us,” the Rochester, N.Y.-based supermarket chain said in a statement Wednesday. “We take data security very seriously and wanted to inform you of an incident involving your information.”

Wegmans said it “recently became aware that, due to a previously undiscovered configuration issue, two of our cloud databases, which are used for business purposes and are meant to be kept internal to Wegmans, were inadvertently left open to potential outside access. Certain customer information, outlined below, was contained in these databases.”

The issue was brought to Wegmans’ attention by a third-party security researcher, and the company then confirmed the issue beginning on or about April 19, 2021. Wegmans hired an outside forensics firm to investigate and determine the scope of the issue and correct it.

The investigation found that customers’ personal info may have been accessed, including names, addresses, phone numbers, birth dates, and Shoppers Club numbers, as well as e-mail addresses and passwords for Wegmans.com accounts. According to Wegmans, though, its grocery store shoppers’ passwords were “hashed” and “salted,” so the actual password characters were not contained in the database.

No credit card, banking or other payment information was involved. Social security numbers, which Wegmans does not collect from customers, were also not impacted.

Wegmans did not say how many people may be affected.

The company said it has since corrected the issue, secured all affected information, and taken steps to avoid similar problems in the future. Customers may still want to change the password for their Wegmans.com accounts, as well as any other accounts that may use the same password.

“It is generally a good idea to use a unique password for each online account you may have,” Wegmans said.

Customers still interested in general information about how to prevent identity theft should contact the Federal Trade Commission at 600 Pennsylvania Avenue, NW Washington, D.C. 20580, by phone at 1-877-382-4357 or online at www.ftc.gov. New York state residents can contact the New York Department of State Division of Consumer Protection (https://www.ny.gov/agencies/division-consumer-protection; 1-800-697-1220) or the New York State Attorney General (http://www.ag.ny.gov/home.html; 1-800-771-7755).

Additional questions may be addressed at 1-855-535-1851.

If you purchase a product or register for an account through a link on our site, we may receive compensation. By using this site, you consent to our User Agreement and agree that your clicks, interactions, and personal information may be collected, recorded, and/or stored by us and social media and other third-party partners in accordance with our Privacy Policy.