Kroger Notifies Customers of Email Database Breach
The Kroger Co. notified its customers late on Friday that a breach of its database that stores customers' names and email addresses occurred at Epsilon, a third-party vendor that the Cincinnati-based retailer and other companies use to manage email communications.
In an email alert issued to registered Kroger customers, the nation's largest traditional grocery retailer stressed that the only information obtained was names and email addresses, as relayed in the text of the message sent to customers as follows:
“Dear Valued Customer,
Kroger wants you to know that the data base with our customers' names and email addresses has been breached by someone outside of the company. This data base contains the names and email addresses of customers who voluntarily provided their names and email addresses to Kroger. We want to assure you that the only information that was obtained was your name and email address. As a result, it is possible you may receive some spam email messages. We apologize for any inconvenience.
“Kroger wants to remind you not to open emails from senders you do not know. Also, Kroger would never ask you to email personal information such as credit card numbers or social security numbers. If you receive such a request, it did not come from Kroger and should be deleted.”
The email alert went on to instruct customers with questions or concerns to call Kroger’s customer service center at 1-800-Krogers (1-800-576-4377) or visit www.kroger.com/email_faq for additional information.
In addition to Kroger customer emails, the data breach also included some email addresses of JPMorgan Chase customers.
Epsilon, whose customers also include Visa, Kraft, Citibank and Marriott International, acknowledged the incident in a brief statement Friday. "On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system," Epsilon said. "The information that was obtained was limited to email addresses and/or customer names only.”
Clothing boutique chain New York & Co., another Epsilon customer, also revealed to customers that it was affected by the breach, according to DailyTech.com.
According to a report in SecurityWeek, other customers that had their databases lost in the breach include U.S. Bank, JPMorgan Chase & Co.; Verizon Communications Inc.;Capital One Financial Corp.; Marriott International Inc.; the Ritz-Carlton Hotel Co; Citigroup Inc.; Brookstone Inc.; McKinsey & Co. Inc.; and Walgreen Co. These organizations have not all confirmed the breach, though several have announced that they are investigating whether data was lost, DailyTech.com reported.
Kroger operates 2,458 supermarkets and multi-department stores in 31 states under two dozen local banner names.