We learned a few days ago that the grocery and pharmacy chain Kroger had suffered a data breach of which it first became aware on January 23rd, but did not notify its customers of the breach until a few days ago.  In a statement released on February 19th, Kroger indicated that it believes fewer than 1% of its customers were affected.  Those affected were primarily users of its Health and Money Services along with current and former employees whose personnel records were compromised.  Kroger also said that the data breach did not reach its stores’ IT systems or grocery store systems.  Kroger indicated that it will be contacting those people affected by the data breach and are offering them free credit monitoring.

The Kroger data breach was not limited to Kroger, but was accomplished through the hacking of a third-party vendor, Accellion a company that produces file transfer software used for sharing large amounts of data and substantial email attachments that was used by Kroger and many other companies who also have been compromised.   Cybercriminals often use the information gathered in data breaches to form the basis of scams that start with spear phishing emails which are phishing emails specifically tailored with information about you and your interests. These spear phishing emails will attempt to lure you into either providing personal information that can be used to make you a victim of identity theft or to click on links containing harmful malware.  In other instances, the hackers will gather sensitive information such as Social Security numbers that may be obtained through data breaches to directly steal the identities of the victims of the data breach.

TIPS

This data breach is another reminder that you are only as secure as the websites with the weakest security that have your personal information.  As for protecting yourself from spear phishing emails, everyone should be skeptical of any email asking for personal information or prompting you to click on a link. Never provide such information or click on links until you have confirmed that the email is legitimate.

I also urge you to regularly go to the website https://haveibeenpwned.com/ where you can insert your email address and find what data breaches may have compromised your information.

Data breaches also can serve as a reminder to everyone that if you have not already frozen your credit reports at the three major credit reporting bureaus, you should do so now.  Freezing your credit reports is the single best thing you can do to protect yourself from becoming a victim of identity theft.   Here are links to each of the credit bureaus with instructions about how to get a credit freeze:

https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.experian.com/freeze/center.html

Once you have frozen your credit, be sure to keep the PIN and information on how to unfreeze your credit report in a safe place

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/