Kroger has agreed to pay $5 million to settle claims related to the data breach on file transfer vendor Accellion, according to June 30 California federal court documents.
Four things to know:
- The settlement would resolve claims on behalf of 3.82 million pharmacy patients and employees whose personal data was leaked in the vendor breach. Of the 3.82 million affected, nearly 1.5 million Kroger customers had their protected health information exposed.
- The settlement will resolve class-action lawsuits filed in several other states. A lawsuit filed in March in the U.S. District Court in Cincinnati alleged that Kroger "had full knowledge" Accellion's data security platform was "lax."
- The settlement allows data breach victims to choose between a cash payment, two years of credit monitoring services or a paid reimbursement of up to $5,000 if there are documented losses.
- At least 10 healthcare organizations have come forward as victims of the Accellion data breach.