Kroger failed to protect personal information of some of its customers and employees, a federal lawsuit alleges, according to a March 10 Cincinnati Enquirer report.
The lawsuit was filed in March in the U.S. District Court in Cincinnati and is seeking class-action status following a recent data breach at Accellion, a vendor Kroger used for file transfers. The breach affected some customers of Kroger pharmacies and clinics, compromising medical information, names, addresses, birthdates and Social Security numbers.
The lawsuit alleges Kroger "had full knowledge" Accellion's data security platform was "lax." Further, it says Accellion encouraged Kroger to update its two-decade-old transfer program to a more secure file transfer program. The lawsuit says Kroger chose to use "an outdated and unsecure transfer platform."
Kroger offered affected individuals two years of credit monitoring services at no cost to them.
The lawsuit says that the resources offered for those affected is insufficient as the "data included in the breach is permanently compromised." Therefore, after the two years, those affected will have to pay for their own credit monitoring.