Wegmans customer data exposure dated to 2018

Dan Berthiaume
Senior Editor, Technology
Dan Berthiaume profile picture

Wegmans Food Markets recently notified customers that two databases used for internal business purposes were inadvertently left open for several years.

According to a brief public statement, the databases were exposed to potential outside access due to a configuration issue. Wegmans says the issue, which began in 2018 and was detected in April 2021, has since been resolved and all affected information has been secured.

Data including customer names, addresses, phone numbers, birth dates, loyalty club numbers, e-mail addresses, and passwords for access to accounts were included in these databases. However, Wegmans says that all impacted account passwords were, in technical terms, "hashed" and "salted," meaning that the actual password characters were not contained in the databases.

Social security numbers were not impacted, as Wegmans does not collect this information from its customers, and the company also said no payment card or banking information was involved. According to Wegmans, it worked with a forensics firm to investigate and determine the incident's scope, identify the information in the two databases, ensure the integrity and security of the systems, and correct the issue. The retailer also notified any customers who may have been affected.

Wegmans Food Markets Inc. is a 106-store supermarket chain with stores in New York, Pennsylvania, New Jersey, Virginia, Maryland, Massachusetts, and North Carolina.