The lawsuit was filed in March in the U.S. District Court in Cincinnati and is seeking class-action status following a recent data breach at Accellion, a vendor Kroger used for file transfers. The breach affected some customers of Kroger pharmacies and clinics, compromising medical information, names, addresses, birthdates and Social Security numbers.
The lawsuit alleges Kroger “had full knowledge” Accellion’s data security platform was “lax.” Further, it says Accellion encouraged Kroger to update its two-decade-old transfer program to a more secure file transfer program. The lawsuit says Kroger chose to use “an outdated and unsecure transfer platform.”
Kroger offered affected individuals two years of credit monitoring services at no cost to them.
The lawsuit says that the resources offered for those affected is insufficient as the “data included in the breach is permanently compromised.” Therefore, after the two years, those affected will have to pay for their own credit monitoring.
More articles on cybersecurity:
150,000 security cameras hacked, exposing footage from Halifax Health, other hospitalsI
daho health system data breach letters mistakenly tell some patients they are dead
HHS extends comment period for proposed HIPAA changes
