Customers who shop at Kroger may be victims of a data breach.

The grocery store chain released the following statement on its website:

Kroger has confirmed that it was impacted by the data security incident affecting Accellion, Inc. Accellion’s services were used by Kroger, as well as many other companies, for third-party secure file transfers. Accellion notified Kroger that an unauthorized person gained access to certain Kroger files by exploiting a vulnerability in Accellion’s file transfer service.

Here are the facts as we understand them: The incident was isolated to Accellion’s services and did not affect Kroger’s IT systems or any grocery store systems or data. No credit or debit card (including digital wallet) information or customer account passwords were affected by this incident. After being informed of the incident’s effect on January 23, 2021, Kroger discontinued the use of Accellion’s services, reported the incident to federal law enforcement, and initiated its own forensic investigation to review the potential scope and impact of the incident.

Kroger has no indication of fraud or misuse of personal information as a result of this incident. However, Kroger is directly notifying potentially impacted customers and associates through mail notices and offering free comprehensive credit monitoring to those individuals out of an abundance of caution.

We have included below additional information about Accellion’s incident and the impact on Kroger customers and associates, as well as the steps we are taking to assist potentially impacted individuals. If you have additional questions about the incident, we encourage you to call our dedicated call center at 1 (855) 558-2999 between 6:00 AM – 8:00 PM PT (Monday through Friday) and 8:00 AM – 5:00 PM PT (Saturday and Sunday).