— Patient names
— Email addresses
— Phone numbers
— Home addresses
— Dates of birth
— Social Security numbers
— Information used to process insurance claims
— Prescription information such as prescription number, prescribing doctor, medication names and dates, medical history, as well as certain clinical services, such as whether the patient was ordered a flu test.
An unauthorized person gained access to Accellion, a software company formerly used by Kroger, to securely transfer files, Cincinnati.com reported.
The unknown person accessed certain Kroger files by exploiting a vulnerability in the file transfer service, according to the Kroger release.
Kroger stopped using Accellion’s services after being informed of the incident.
Kroger said the incident affected beneficiaries under The Kroger Co. Health and Welfare Benefit Plan, and The Kroger Co. Retiree Health and Welfare Benefit Plan, according to Cincinnati.com.
Potentially affected customers are in the process of being notified by Kroger.
The data breach potentially affects The Little Clinic, Kroger Pharmacies as well as its other family of pharmacies operated by Ralphs Grocery Company and Fred Meyer Stores Inc., Cincinnati.com reported.
The affiliated pharmacies possibly affected also include Jay C Food Stores, Dillon Companies LLC, Baker’s, City Market, Gerbes, King Soopers, Quality Food Centers, Roundy’s Supermarkets Inc., Copps Food Center Pharmacy, Mariano’s Metro Market, Pick N Save, Harris Teeter LLC, Smith’s Food and Drug, Fry’s Food Stores, Healthy Options Inc., Postal Prescription Services, Kroger Specialty Pharmacy Holdings and Inc.