BUFFALO, N.Y. (WKBW) — In an email Wednesday Wegmans notified its customers of a database configuration issue that left customer information open to potential outside access.
Wegmans said "We appreciate your business and the trust you place in us. We take data security very seriously and wanted to inform you of an incident involving your information."
According to Wegmans due to a previously undiscovered issue two of its cloud databases, which it says are used for business purposes and are meant to be kept internal, were left open to potential outside access.
The information involved was:
- Phone numbers
- Birth dates
- Shoppers Club numbers
- Email addresses and passwords to Wegmans.com accounts
According to Wegmans, the actual characters of the passwords were not contained in the databases and "social security numbers were not impacted (Wegmans does not collect this information from its customers) nor was any payment card or banking information involved."
The issue was brought to Wegmans' attention by a third-party security researcher and then confirmed by Wegmans on April 19, 2021. The configuration issue began in 2018. Wegmans says it then worked with a forensics firm to investigate and determine the incident's scope and have since corrected the configurations and secured all affected information.
According to Wegmans, the investigation was unable to uncover what information may have been actually accessed, if any.
Wegmans says although the passwords were protected through "hashing", it is recommended you change your password for your Wegmans.com account and any other account you use the same password for.
Those with questions can contact 1-855-535-1851, Monday through Friday, from 9am-9pm ET, except holidays.
For information on preventing identity theft you can contact the Federal Trade Commission at 1-877-382-4357 or visit their website here. You can also contact the New York State Division of Consumer Protection at 1-800-697-1220 or visit their website here.