Hackers were able to exploit a Zero-Day vulnerability in that software and use it to steal data from vendors using it. Kroger wound up in the crosshairs.
Kroger's official statement in response to the breach reads in part as follows:
"At this time, based on the information provided by Accellion and our own investigation, Kroger believes the categories of affected data may include certain associates' HR data, certain pharmacy records, and certain money services records.
Importantly, there was no impact to grocery store data or systems; credit or debit card information; or customer account passwords."
While it is good news indeed that no payment card information was stolen, the Federal government takes a dim view of anyone who loses control over medical information of any type. So this may land both companies in hot water, depending on the final findings of the investigation into the matter.
In any case, if you are a Kroger shopper, and especially if you make use of Kroger's pharmacy, be aware that some of your personal information may be compromised. That means that in the weeks and months ahead, you may be targeted by phishing emails in a bid to get enough information from you so that the hackers can steal your identity. Be on your guard against that.
It's also worth noting that Kroger is a big company, employing more than half a million people in nearly 3000 locations, nationwide, and with sales in excess of $122 billion. That's significant because it underscores that no company, regardless of how big, is safe from the hackers of the world. Stay vigilant, the year is still young.