Customer data breached at Wegmans

The food store chain Wegmans, which has a supermarket in Harrison, has notified its customers that two of its cloud-based databases that “are meant to be kept internal to Wegmans, were inadvertently left open to potential outside access.” The databases contain customer information.

Wegmans said that it found out about the problem from a third-party security researcher  and has been working on it since April 19.

“We then worked diligently with a leading forensics firm to investigate and determine the incident”™s scope, identify the information in the two databases, ensure the integrity and security of our systems and correct the issue,” Wegmans said in a statement.

The company said the impacted customer information included names, addresses, phone numbers, birth dates, Shoppers Club numbers, email addresses and passwords for access to Wegmans.com accounts.

It stated that credit card, banking and Social Security information was not stored in the databases and was not impacted. Wegmans did not report the number of customer records that might have been exposed.

“When we discovered the issue, we worked with leading outside experts to investigate the matter. We have since corrected configurations and secured all affected information. We have also taken steps to avoid the occurrence of similar issues in the future,” Wegmans said.

Wegmans advised its customers that while passwords did have some protection because of the way in which they are stored, to be on the safe side customers should change their passwords.

Wegmans advised that for help regarding prevention of identity theft, customers can contact the Federal Trade Commission in Washington, D.C., or the New York State Attorney General”™s Office or the state’s Division of Consumer Protection.