Wegmans Exposes Customer Data in Misconfigured Databases
Cleanup in aisle “Oops”: The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny.
Wegmans Food Markets, the U.S. supermarket chain, has notified customers that some of their data was exposed because two of its cloud-based databases were misconfigured, making them publicly accessible online.
In a publicly posted breach notification letter, Wegmans said that the issue was first brought to the company’s attention when a third-party security researcher pointed out the configuration problem. Then, “on or about” April 19, Wegmans confirmed the issue.
It’s not clear whether April 19 is when the issue was reported to Wegmans, when the databases were left open to public access, or whether that’s just when Wegmans confirmed that they were exposed. Likewise, it’s not clear whether or not customers’ data was left in open databases months or even years before it was reported and/or confirmed. Threatpost has contacted Wegmans for clarification.
“We recently became aware that, due to a previously undiscovered configuration issue, two of our cloud databases, which are used for business purposes and are meant to be kept internal to Wegmans, were inadvertently left open to potential outside access,” the letter stated.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25416391/STK473_NET_NEUTRALITY_CVIRGINIA_C.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/25415669/1238020424.jpg)
