Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireCybersecurity News

Wegmans discloses data breach

cyber-security-freepik
June 21, 2021

Wegmans, American supermarket chain, has disclosed a data breach incident. Headquartered in Gates, New York, Wegmans has 106 stores in the mid-Atlantic and Northeastern regions.

According to a press release, Wegmans recently became aware that due to a previously undiscovered configuration issue, two of their databases, used for business purposes and internal to Wegmans, were inadvertently left open to "potential outside access." 

The types of impacted customer information included: names, addresses, phone numbers, birth dates, Shoppers Club numbers, as well as e-mail addresses and passwords for access to Wegmans.com accounts. All impacted Wegmans.com account passwords were, in technical terms, “hashed” and “salted,” meaning that the actual password characters were not contained in the databases. Social security numbers were not impacted, as Wegmans says it does not collect this information from its customers, nor was any payment card or banking information involved.

The incident, Wegmans says, was first brought to their attention by a third-party security researcher and then confirmed the configuration problem, beginning on or about April 19, 2021. Wegmans then worked with a leading forensics firm to investigate and determine the incident’s scope, identify the information in the two databases, ensure the integrity and security of their systems, and correct the issue. 

Kevin Dunne, President at Pathlock, a Flemington, N.J.-based provider of unified access orchestration, says, "The recent breach notification from Wegman's highlights a recurring trend we are seeing: enterprises are storing more customer information than ever in their business applications.  As remote work and digital transformation initiatives push these systems into the cloud, it is common to find many of these business systems are publicly available to the internet, and loosely secured.  CISO's and Data Privacy officers need to work with the business to understand what critical customer information is being stored where, at an organization wide level.  Unprotected data silos that are operated by the business undermine the work that security and data teams do to maintain strict controls over the core internal systems.  When these business systems aren't overseen by the information security and information technology teams, they can introduce a new risk loophole that risks compliance with data privacy regulations like GDPR and CCPA."

Wegmans have since corrected configurations and secured all affected information, and also taken steps to avoid the occurrence of similar issues in the future. 

Erkang Zheng, Founder and CEO at JupiterOne, a Morrisville, N.C.-based provider of cyber asset management and governance solutions, explains, "Configuration hygiene for cloud resources sounds basic, however, often times it is very hard to do the basics well, at scale. Especially when individual configurations that seem benign on its own may cause significant harm in combination. We need a graph-based approach to “connect the dots” when it comes to understanding cyber assets."

"The ability to detect and respond in real time is an essential part of modern security.  Misconfiguration issues don’t seem to be going away any time soon, which means customers that rely on everything being 100% correct will be sorely disappointed when reality strikes," says Tim Wade, Technical Director, CTO Team at Vectra, a San Jose, Calif.-based AI cybersecurity company. "There needs to be a holistic approach to security – yes, minimizing misconfiguration and hardening services is part of that holistic approach – but until organizations have a plan to identify the breach in real time, this type of activity will continue."

KEYWORDS: cyber security data breach data protection risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Cybersecurity
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Leadership and Management
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Colorful laptop

Organizations Think They Know Who’s Visiting Their Sites. They Don’t.

Glasses in front of coding on screen

5 Ways Quantum and AI Will Rewrite the Rules of Cyberattacks

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • attack-cyberenews

    Joomla Discloses Data Breach Affecting 2,700 Users

    See More
  • data-breach-freepik1170x658x4.jpg

    SuperCare Health discloses data breach affecting 300k individuals

    See More
  • data-breach-freepik1170.jpg

    Panasonic discloses data breach

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing