WXXI AM News

Wegmans says customers' personal data may have been exposed

Jun 16, 2021

Wegmans is notifying customers that some of their information may have exposed due to a database problem.

Wegmans says two databases used for the company’s internal business purposes were inadvertently left open to potential outside access.

The supermarket chain says that it confirmed the problem around April 19, 2021, but they say the configuration issue, as it’s called, actually began in 2018.

Wegmans says the types of impacted customer information included names, addresses, phone numbers, birthdates and email addresses. The company says that no payment card or banking information was involved.

Wegmans says that it has since secured all of the affected information and taken steps to avoid the occurrence of similar issues in the future. Wegmans says that although customers' passwords were protected, customers can change the password to their wegmans.com account as among the steps they might consider taking. 

Here is some of the information Wegmans put out in a press release:

Wegmans Food Markets recently notified customers that two databases used for Wegmans internal business purposes were inadvertently left open to potential outside access due to a configuration issue. The issue has since been resolved and all affected information has been secured.

What information was potentially affected?

Customer names, addresses, phone numbers, birth dates, Shoppers Club numbers, e-mail addresses and passwords for access to Wegmans.com accounts were included in these databases. However, all impacted Wegmans.com account passwords were, in technical terms, "hashed" and "salted," meaning that the actual password characters were not contained in the databases.

Social security numbers were not impacted (Wegmans does not collect this information from its customers) nor was any payment card or banking information involved.

When did this happen?

Wegmans first learned of the problem on or around April 19, 2021. The configuration issue began in 2018.

What is Wegmans doing about this issue?

Wegmans worked diligently with a leading forensics firm to investigate and determine the incident's scope, identify the information in the two databases, ensure the integrity and security of the systems, and correct the issue.

Wegmans also notified any customers who may have been affected by this issue. Customers with questions can call 1-855-535-1851, Monday through Friday, from 9am-9pm ET, except holidays.