www.nbcnewyork.com
Open in
urlscan Pro
104.92.226.53
Public Scan
URL:
https://www.nbcnewyork.com/news/local/ny-ag-wegmans-to-pay-400k-for-data-breach-that-exposed-customers-personal-info/3757393/
Submission: On November 29 via manual from US — Scanned from US
Submission: On November 29 via manual from US — Scanned from US
Form analysis 4 forms found in the DOM
GET https://www.nbcnewyork.com/
<form class="search-form" role="search" method="get" action="https://www.nbcnewyork.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input class="search-form-input" type="search" value="" name="s" placeholder="Search">
</label>
<input type="submit" class="search-submit" value="Search">
</form><form class="short-form">
<div class="field-wrap display-flex"><label class="" for="name">Enter your email</label><input class="newsletter-widget__email " type="email" name="name" required="" placeholder="Enter your email"><button class="newsletter-widget__button "
type="submit"><span class="newsletter-widget__button-text">Sign up</span></button></div>
</form>GET https://www.nbcnewyork.com/
<form class="search-form" role="search" method="get" action="https://www.nbcnewyork.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input class="search-form-input" type="search" value="" name="s" placeholder="Search">
</label>
<input type="submit" class="search-submit" value="Search">
</form>GET https://www.nbcnewyork.com/
<form class="search-form" role="search" method="get" action="https://www.nbcnewyork.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input class="search-form-input" type="search" value="" name="s" placeholder="Search">
</label>
<input type="submit" class="search-submit" value="Search">
</form>Text Content
Skip to content Main Navigation Search Search for: Local Weather Investigations Baquero Video TV Listings Our Voices Newsletters Partly Cloudy 31º Live TV Trending Watch 24/7 Rockefeller Center Christmas Tree Israel-Hamas War Giving Tuesday Rosalynn Carter iPhone NameDrop Feature Gmail Accounts Deleted Supporting Our Schools Send Photos/Videos to NBC NY New York Live Open House Expand New York NY AG: WEGMANS TO PAY $400K FOR DATA BREACH THAT EXPOSED MILLIONS' PERSONAL INFO ALLEGEDLY, THE GROCERY CHAIN KEPT CUSTOMERS' PERSONAL INFORMATION STORED IN MISCONFIGURED CLOUD CONTAINERS THAT MADE IT EASY FOR HACKERS TO ACCESS THE INFORMATION. PUBLISHED JUNE 30, 2022 • UPDATED ON JULY 1, 2022 AT 6:09 AM Gabby Jones/Bloomberg via Getty Images A customer pushes a shopping cart outside of a Wegmans Food Markets Inc. supermarket (Photographer: Gabby Jones/Bloomberg via Getty Images) Grocery chain Wegmans will pay $400,000 in penalties to New York, as well as upgrade its data security practices, following an data breach that exposed the personal information of more than three million customers nationwide, including more than 830,000 New Yorkers, according to the state's attorney general. The compromised information included usernames and passwords to Wegmans accounts, customers' names, emails, addresses and other data fro, drivers' license numbers, according to according to New York Attorney General Letitia James. “Wegmans failed to safely store and seal its consumers’ personal information, instead it left sensitive information out in the open for years,” James said. “Today, Wegmans is paying the price for recklessly handling and exposing millions of consumers’ personal information on the internet. In the 21st century, there’s no excuse for companies to have poor cybersecurity systems and practices that hurt consumers.” According to the attorney general, in April 2021, a security researcher told Wegmans that a cloud storage container was left unsecured and open to public access, possibly exposing consumers’ sensitive information. The container was allegedly misconfigured from its creation in January 2018 until April 2021, and at some point an unauthorized actor could have accessed and cracked account credentials. In May 2021, Wegmans discovered a second cloud storage container with customers' personal information that was also misconfigured. The following month, Wegmans began informing the customers whose personal information was compromised. > Get Tri-state area news and weather forecasts to your inbox. Sign up for NBC > New York newsletters. According to the attorney general's office, Wegmans will adopt new measures, on top of the thousands of dollars it agreed to pay. Some of the measures include: * Keeping an information security program that includes regular updates to keep pace with changes in technology and security threats; * Reporting security risks to the company's leadership; * Maintaining appropriate asset management practices, including maintaining an inventory of all cloud assets; * Establishing policies and procedures to ensure all cloud assets containing personal information have appropriate access controls to limit access to such information; * Developing a penetration testing program that includes at least one annual comprehensive penetration test of Wegmans’ cloud environment; * Establishing appropriate password policies and procedures for customer accounts, including encouraging customers to use strong passwords, educating customers on the benefits of multifactor authentication, and prohibiting password reuse; * Maintaining a reasonable vulnerability disclosure program that allows third parties, such as security researchers, to disclose vulnerabilities; * Establishing appropriate practices for customer account management and authentication, including notice, a security challenge, or re-authentication for account changes; and, * Updating its data collection and retention practices. In a statement to News 4 New York, the supermarket chain said it takes security seriously and that it has improved its processes after the breach was discovered, although there was no evidence that the data was accessed improperly or misused. NEWS Rockefeller Center Christmas Tree 14 hours ago ROCKEFELLER CENTER CHRISTMAS TREE LIGHTING: WHAT TO KNOW ABOUT ATTENDING IN PERSON, ROAD CLOSURES Rockefeller Center Christmas Tree 13 hours ago MEET THE MAN WHO PICKS THE ROCKEFELLER CENTER CHRISTMAS TREE EACH YEAR "Wegmans takes security of customer information very seriously and immediately remedied the situation once it was discovered," the supermarket chain said in its statement. "We have improved our processes to better protect customer information in the future. While we do not agree with some of the conclusions drawn by the attorney general, we cooperated fully in the investigation and are glad it has been concluded." Wegmans went on to say: "This was a configuration issue with two cloud storage containers, and did not involve any other part of the Wegmans network. This type of configuration issue is common, unfortunately, and Wegmans has redoubled its efforts to avoid the issue in the future. There was also no indication that customer data was accessed improperly or otherwise misused. No customer credit card or other sensitive data was involved." THIS ARTICLE TAGGED UNDER: New YorkWegmansdata breach Money Awaits Money Awaits| SponsoredSponsored Click HereMalicious Compliance: People Share How They Got Revenge By Following The Rules Undo Emma Emma| SponsoredSponsored Watch NowTop Gut Doctor: Why Fiber Does not Help With Constipation Undo Suggest-me Suggest-me| SponsoredSponsored You Might Not Want to Ignore Dental Implant Offer In Indianola Undo Best Tech Trend Best Tech Trend| SponsoredSponsored Learn MoreHere Are 23 Of The Coolest Gifts For Black Friday 2023 Undo Money Awaits Money Awaits| SponsoredSponsored Click HereBilingual People Share The Hilarious Things They Overheard From People Who Assumed They Couldn’t Und Undo TRENDING STORIES * MATTHEW PERRY Matthew Perry's stepdad Keith Morrison speaks out on his death * ROCKEFELLER CENTER CHRISTMAS TREE Rockefeller Center Christmas Tree Lighting 2023: What time the tree is lit and how to watch * LONG ISLAND Man barricaded himself inside LI home after assaulting girl, chasing her outside: Cops * DATA BREACH At least 4 million New Yorkers impacted by medical company's data breach: What to know * WEIRD Customer sues Chopt over salad she said contained piece of manager's finger at NY shop * Money Awaits Malicious Compliance: People Share How They Got Revenge By Following The RulesMoney AwaitsClick Here Undo WEATHER FORECAST New York, NY 31° Partly Cloudy 0% Precip Tonight 33° Tomorrow 49° SUBSCRIBE TO OUR NEWSLETTERS Sign up to receive breaking news alerts in your inbox. Enter your emailSign up Privacy Policy * Facebook * Instagram * TikTok * Submit Tri-State News Tips * Contact WNBC * Connect With NBC Network * Archives / Licensing * Newsletters * Community * Our News Standards * WNBC Public Inspection File * WNBC Accessibility * WNBC Employment Information * Terms of Service * FCC Applications * Privacy Policy * Your Privacy Choices * Send Feedback to WNBC * CA Notice * Ad Choices * Advertise with us Copyright © 2023 NBCUniversal Media, LLC. All rights reserved Back to Article Close Menu Search for: Send a Video or Photo to NBC NY TV Listings & Watch NBC Live Local News Weather School Closings Weather Alerts U.S. & World News Video Investigations Better Get Baquero Submit a tip CNBC Money Report Entertainment New York Live 1st Look George to the Rescue Open House Community Sports Traffic Submit Tips to Better Get Baquero Submit Photos and Video Contests Newsletters Our Apps Cozi TV Our News Standards FOLLOW US * Facebook * Instagram * TikTok Contact Us YOUR PRIVACY CHOICES: OPT-OUT OF SALE OF PERSONAL INFORMATION AND OPT-OUT OF SHARING OR PROCESSING PERSONAL INFORMATION FOR TARGETED ADS To provide you with a more relevant online experience, certain online ad partners may combine personal information that we make available with data across different businesses and otherwise assist us with related advertising activities, as described in our Privacy Policy. This may be considered "selling" or "sharing/processing” for targeted online advertising under applicable law. If you are a resident of California, Connecticut, Colorado, Utah or Virginia, to opt out of us selling or sharing/processing your personal information: * Such as cookies and devices identifiers for the targeted ads and related purposes for this site/app on this browser/device: switch the “Allow Sale of My Personal Info or Sharing/Processing for Targeted Ads” toggle under Manage Preferences to OFF (grey color) by moving it LEFT and clicking “Confirm My Choice”. * Such as your name, email address and other associated personal information for targeted advertising activities as described above, please submit the form below. Please note that choices related to cookies and device identifiers are specific to the brand’s website or app on the browser or device where you are making the election. MANAGE PREFERENCES ALLOW SALE OF MY PERSONAL INFO AND SHARING/PROCESSING FOR TARGETED ADS Allow Sale of My Personal Info and Sharing/Processing for Targeted Ads California, Connecticut, Colorado, Utah & Virginia Residents Only: To opt out of selling or sharing/processing for targeted advertising of information such as cookies and device identifiers processed for targeted ads (as defined by law) and related purposes for this site/app on this browser/device, switch this toggle to off (grey color) by moving it left and clicking “Confirm My Choice” below. (This will close this dialogue box, so please open the email Opt-Out Form 1st). ALL OTHER LOCATIONS: If we do not detect that you are in California, Connecticut, Colorado, Utah or Virginia, this choice will not apply even if you toggle this button off. If you turn this off, you will still see ads, but they may be less relevant or based only on our first-party information about you. Please note, you must make the Manage Preference choices on each site/app on each browser/device you use to access the services. You must also renew this choice if you clear your cookies. You can change your precise geolocation permissions for our mobile apps in your mobile device settings. OPT-OUT FORM Always Active To opt out of the use of your email and other personal information related to that email such as your name for targeted advertising activities please complete this Opt-Out Form OTHER CATEGORIES OF DATA COLLECTION Always Active Please see our Cookie Notice for more details which can be found by navigating to the Privacy Policy in the menu settings page. Back Button PERFORMANCE COOKIES Search Icon Filter Icon Clear checkbox label label Apply Cancel Consent Leg.Interest checkbox label label checkbox label label checkbox label label Confirm My Choice Main Navigation Search Search for: Local Weather Investigations Baquero Video TV Listings Our Voices Newsletters Partly Cloudy 31º Live TV Trending Watch 24/7 Rockefeller Center Christmas Tree Israel-Hamas War Giving Tuesday Rosalynn Carter iPhone NameDrop Feature Gmail Accounts Deleted Supporting Our Schools Send Photos/Videos to NBC NY New York Live Open House Expand Keep on reading Matthew Perry's stepdad Keith Morrison speaks out on his deathMatthew Perry’s stepdad Keith Morrison—who married his mom Suzanne Perry in 1981—spoke out on how fans can honor the actor's memory.NBC New York Group 3 Undo Blackhawks terminating Corey Perry's contract over ‘unacceptable' conductThe Chicago Blackhawks are terminating Corey Perry's contract after an internal investigation found he "engaged in conduct that is unacceptable."NBC New York Group 3 Undo Relative ID'd as person of interest in killing of 5-year-old boy and parents in BronxThe three victims were found in an apartment near East 136th Street in the Mott Haven section of the Bronx. Here's what we know so far.NBC New York Group 3 Undo Jennifer Lawrence reacts to plastic surgery speculationJennifer Lawrence, in a conversation with Kylie Jenner, denied the speculation that she has had plastic surgery.NBC New York Group 3 Undo ' ' ' ' ' ' Florida man found dismembered in trunk after fatal Thanksgiving day shootingThe dismembered body of 67-year-old James Banks was found in the trunk of his vehicle by Citrus County Sheriff's deputies on Thanksgiving.NBC New York Undo Suspect arrested after 3 people found shot to death inside NJ condo: PoliceThree people, two men and a woman, were shot and killed inside a New Jersey condo, according to police, and a neighbor said it wasn’t the first time there had...NBC New York Undo Queens high school chaos: Safety officer attacked, teacher targeted in separate incidentsStudents rioted in the hallways of the Briarwood school after some had learned a teacher attended a pro-Israel rally. Video of the chaos that ensued went viral,...NBC New York Undo Travis Kelce reveals if his Thanksgiving plans include Taylor Swift NFL star Travis Kelce shared whether he plans to spend Thanksgiving with Taylor Swift amid their burning red romance.NBC New York Undo Money Awaits Malicious Compliance: People Share How They Got Revenge By Following The RulesMy dad died when I was young and my high school teacher decided to rub it in. So I decided to teach him a lesson.Money Awaits| SponsoredSponsored Click Here Undo Emma Top Gut Doctor: Why Fiber Does not Help With ConstipationRestore regular bowel movements. Reduce painful bloating and constipation. Crush unwanted food cravings and fight harmful gut bacteriaEmma| SponsoredSponsored Watch Now Undo How the death of a young mom led to the unraveling of a national fentanyl trafficking networkNBC New York Undo NYC sees first snowflakes of the season amid bitter cold frontNBC New York Undo Suggest-me You Might Not Want to Ignore Dental Implant Offer In IndianolaSuggest-me| SponsoredSponsored Undo Best Tech Trend Here Are 23 Of The Coolest Gifts For Black Friday 2023Best Tech Trend| SponsoredSponsored Learn More Undo Rosalynn Carter honored by family, friends, first ladies and presidents — including husband JimmyThe service reflected Rosalynn Carter’s status as a global figure while emphasizing her more private profile as a family matriarch who preferred a simple life...NBC New York Undo Former Blackhawks star Patrick Kane makes free agent decisionFormer Blackhawks star Patrick Kane has made his free agent decision and is signing with the Detroit Red Wings, according to multiple reports.NBC New York Undo