Wegmans Warns Customers' Personal Info May Have Been Exposed

HARRISON, NY — Wegmans officials have alerted customers that their personal information may have been exposed in what they describe as a “security incident.”

The New York-based grocery store chain with stores in the Hudson Valley said they became aware in April that two of its cloud databases were inadvertently left open to potential outside access. The company said the information was intended only for internal use.

In a statement, Wegmans officials said the potentially exposed customer information included names, addresses, phone numbers, birth dates, Shoppers Club numbers and email addresses. Passwords for access to Wegmans.com accounts were also unsecured for an unknown time period.

Wegmans today assured customers that social security numbers and payment information, such as credit card numbers or banking information, was never at risk. The company says it does not collect or store any type of customer financial information.

The at-risk Wegmans.com account passwords were “hashed” according to a Wegmans spokesperson. The actual password characters were hidden from the view of anyone accessing the exposed databases.

The company first became aware of the “security incident” when the lapse was brought to their attention by a “third-party security researcher.”

"We then worked diligently with a leading forensics firm to investigate and determine the incident’s scope, identify the information in the two databases, ensure the integrity and security of our systems, and correct the issue," Wegmans said in it’s alert to customers. "We have also taken steps to avoid the occurrence of similar issues in the future."

The company said they have fixed the vulnerable database configurations and secured all of the exposed sensitive personal information.

Although all of the exposed passwords were hidden from unauthorized users, the company still suggests that customers change the passwords to their accounts and any other accounts that might use the same password.