© 2021 Western New York Public Broadcasting Association

140 Lower Terrace
Buffalo, NY 14202

Mailing Address:
Horizons Plaza P.O. Box 1263
Buffalo, NY 14240-1263

Buffalo Toronto Public Media | Phone 716-845-7000
WBFO Newsroom | Phone: 716-845-7040
Your NPR Station
Play Live Radio
Next Up:
0:00
0:00
Available On Air Stations
MAYORAL ROUNDTABLES: India Walton and Byron Brown answer questions from seven WBFO reporters in two one hour specials.
Business/Economy

Wegmans says customers' personal data may have been exposed

Wegmans.jpg
Randy Gorbman
/
WXXI News

Wegmans is notifying customers that some of their information may have exposed due to a database problem.

Wegmans recently notified customers that two databases used for the company’s internal business purposes were inadvertently left open to potential outside access.

The supermarket chain says that it confirmed the problem around April 19, 2021, but they say the configuration issue, as it’s called, actually began in 2018.

Wegmans says the types of impacted customer information included names, addresses, phone numbers, birthdates and email addresses. The company says that no payment card or banking information was involved.

Wegmans says that it has since secured all of the affected information and taken steps to avoid the occurrence of similar issues in the future. Although customers' passwords were protected, customers can change the password to their wegmans.com account as among the steps they might consider taking.

Here is some of the information Wegmans put out in a press release:

Wegmans Food Markets recently notified customers that two databases used for Wegmans internal business purposes were inadvertently left open to potential outside access due to a configuration issue. The issue has since been resolved and all affected information has been secured.

What information was potentially affected?
Customer names, addresses, phone numbers, birth dates, Shoppers Club numbers, e-mail addresses and passwords for access to Wegmans.com accounts were included in these databases. However, all impacted Wegmans.com account passwords were, in technical terms, "hashed" and "salted," meaning that the actual password characters were not contained in the databases.

Social security numbers were not impacted (Wegmans does not collect this information from its customers) nor was any payment card or banking information involved.

When did this happen?
Wegmans first learned of the problem on or around April 19, 2021. The configuration issue began in 2018.

What is Wegmans doing about this issue?
Wegmans worked diligently with a leading forensics firm to investigate and determine the incident's scope, identify the information in the two databases, ensure the integrity and security of the systems, and correct the issue.

Customers with questions can call 1-855-535-1851 Monday-Friday from 9 a.m.-9 p.m., except holidays.

Related Content