Due to a “misconfiguration,” two databases at US grocery chain Wegmans Food Markets were available publicly, resulting in a data breach. Customers’ addresses, names, phone numbers, birth dates, Shoppers Club numbers, email addresses, and passwords of Wegmans.com accounts were contained within those databases, according to the business, which is based in New York.
According to Wegmans, account passwords were hashed and salted, and no social security numbers or financial information were obtained. Wegmans claimed the misconfiguration problem occurred “on or about April 19, 2021” and was fixed when a security researcher alerted them to it.
According to the press release: “Wegmans worked diligently with a leading forensics firm to investigate and determine the incident’s scope, identify the information in the two databases, ensure the integrity and security of the systems, and correct the issue.
“Wegmans also notified any customers who may have been affected by this issue.”
It’s unclear how many people were affected.