Wegmans Reveals ‘Database Configuration Issue’

Wegmans Food Markets has notified customers that two databases used as part of the company’s internal business “were inadvertently left open to potential outside access due to a configuration issue.” According to the retailer, “The issue has since been resolved and all affected information has been secured.”

Although the affected databases included customer names, addresses, phone numbers, birth dates, Shoppers Club numbers, e-mail addresses and passwords for access to Wegmans.com accounts, all the Wegmans.com account passwords “were, in technical terms, ‘hashed’ and ‘salted,’ meaning that the actual password characters weren’t contained in the databases,” Wegmans explained to consumers.

Further, Social Security numbers weren’t affected, as Wegmans doesn’t collect them from its customers, and no payment card or banking information was involved, the company said, adding that although the configuration issue apparently started back in 2018, Wegmans only found out about it in April of this year.

According to the grocer, it worked with “a leading forensics firm,” which it declined to identify, to investigate and determine the scope of the incident, figure out what information was contained in the two databases, ensure the systems’ integrity and security, and correct the issue. Wegmans also informed any customers who were potentially affected by the problem. 

Family-owned Wegmans operates 106 stores in New York, Pennsylvania, New Jersey, Virginia, Maryland and Massachusetts. The Rochester, N.Y.-based company is No. 35 on Progressive Grocer’s 2021 PG 100 list of the top grocers in the United States.