In the event of a data breach, can an employee whose information was compromised bring suit against their employer rather than the company that experienced the data breach? This class action brings suit against the Kroger Company, claiming it bears responsibility in the case of the “large and preventable” data breach suffered by its vendor Accellion, Inc.

The class for this action is all persons living in the US who are or were employees of Kroger or any of its affiliates, parents, or subsidiaries whose PII was compromised in the data breach that occurred in or around December 2020. A Kansas Subclass has also been proposed for those in the class who live in Kansas.

Kroger distributed a Notice of Data Breach on March 11, 2021, claiming that Accellion had experienced a data breach on January 23, 2021. However, the complaint contends that the data breach actually happened in December 2020. The personally identifying information (PII) that was stolen included names, contact information, birth dates, Social Security information, and for some, salary information. Kroger used Accellion to make secure file transfers.

How is Kroger responsible? The complaint alleges, “Kroger was aware and had full knowledge that Accellion’s data security on the platform Kroger used was lax. In fact, prior to the breach, Accellion encouraged Kroger to move to a newer and more secure transfer platform.”

Kroger entrusted the confidential PII of its employees to Accellion, for secure file transfer, using a product called FTA. The complaint claims, “This self-described ‘legacy’ product is 20 years old and incapable of preventing modern data security threats.” In fact, Accellion had announced it would no longer offer the FTA product as of April 30, 2021. It has been encouraging customers to “migrate to its newer, more secure products ‘Kiteworks,’ which was launched roughly four years ago” but Kroger had not done this.

The old FTA software used CentOS for its functions. CentOS announced in late 2019 that it would stop supporting CentOS 6 after November 30, 2020. The complaint alleges, “Upon information and belief, the fact that it was no longer supported by CentOS meant that the FTA software would no longer receive expected vulnerability testing and patching.”

The data breach that exposed the PII of Kroger employees occurred on December 25, 2020. The complaint claims, “The breach occurred after hackers exploited a vulnerability in Accellion’s legacy FTA software through traditional SQL injection methodology.” The complaint alleges that Kroger did not comply with Federal Trade Commission requirements and standards for data security.

On Wednesday in the Northern District of California, two individuals filed a proposed class-action complaint against the Kroger Co. and Accellion Inc., over a breach of a Kroger pharmacy that allegedly compromised the data of Kroger pharmacy customers.

Lead plaintiffs Ricky Cochran and Alain Berrebi alleged that “sensitive personal information,” such as names, email addresses, phone numbers, home addresses, dates of birth, Social Security numbers, bank account information, and prescription information, among other data, of Kroger Health and Money Services customers was disclosed to third parties after the file transfer platform of Accellion, which had been providing third-party file transfer services to Kroger, was compromised.

Accellion came under fire recently because of a separate data breach in December 2020 that disclosed client information to hackers. The data breach at issue in the Wednesday complaint allegedly revealed a vulnerability in Accellion’s file transfer appliance (FTA) that also had been exposed in the December 2020 breach.