Any former Kroger employees will want to check with the company that their data has not been compromised after it was reported that many current and former employees’ personal information- including social security numbers and birth dates- may have been breached as a result of a compromise within Equifax’s W-2Express website. In a released email, Kroger said that “while the investigation into the Equifax ‘security incident’ is ongoing, it appears that unknown individuals accessed the W-2Express website using default login information based on Social Security numbers (SSN) and dates of birth, which we believe were obtained from some other source, such as a prior data breach at other institutions.” Kroger has stressed that no signs point to any information within its own systems being leaked and that it is working with Equifax to take any necessary security measures.
Kroger states that any affected victims will be notified as more information becomes available and that credit monitoring services will also be provided. Mark Bower, global director, product management, for HPE Security-Data Security, told SCMagazine.com in emailed comments that “Organizations are getting the message that they need to protect customer data, however, this is an important lesson to realize they also need to guard their employees’ Personally Identifiable Information (PII) just as closely.”