BleepingComputer reports that supermarket firm Kroger suffered a data breach after they used the Accellion FTA software to transfer files. A security vulnerability found in the software allowed threat actors to hack and steal data from companies that use this service, and according to the retailer, they were the latest business to be affected by this incident. Accellion informed Kroger about the breach on January 23, which prompted the company to discontinue its use immediately. “At this time, based on the information provided by Accellion and our own investigation, Kroger believes the categories of affected data may include certain associates’ HR data, certain pharmacy records, and certain money services records. Importantly, there was no impact to grocery store data or systems; credit or debit card information; or customer account passwords,” Kroger said in its data breach advisory. Kroger is reaching out to anyone affected by the breach and is offering free credit monitoring to those affected individuals.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.
Washington, D.C.'s Department of Insurance, Securities and Banking has disclosed that 800GB of data claimed to have been stolen by the LockBit ransomware operation was obtained from an attack against third-party software provider Tyler Technologies following the ransomware gang's threats to expose 1GB of the exfiltrated data to coerce the agency into providing the demanded ransom, reports The Record, a news site by cybersecurity firm Recorded Future.
Organizations could have their sensitive information compromised through a high-severity vulnerability in Google Cloud, Azure, and Amazon Web Services command line interface tools dubbed "LeakyCLI", The Hacker News reports.