Wegmans is a grocery store that sells high-quality, healthy meals. They would never collect your data, and even if they did, it would be stored with the utmost care in a secure manner, as any reasonable business would. This was a false assumption, as many customers would find out in 2021 when their stored data was compromised. Over 3 million user emails, passwords, and other user data were obtained by hackers as a result of gaping security vulnerabilities that Wegmans neglected to fix for over 3 years. These security vulnerabilities had been in place since January of 2018. In addition to failing to keep user data in a secure manner, they did not take the reasonable security precautions that a company would take when dealing with personal data. They did not inventory the data they held that contained personal user information.
They also made no effort to secure user passwords and accounts, or to run security tests of their cloud assets. It is no wonder that their security vulnerability was left open for over 3 years. Attorney General James of New York weighed in on the situation, stating: “Wegmans failed to safely store and seal its consumers’ personal information, instead it left sensitive information out in the open for years.” She adds, “in the 21st century, there’s no excuse for companies to have poor cybersecurity systems and practices that hurt consumers.” In addition to user emails and passwords, Wegmans has derived data from customers’ driver’s license numbers, and hackers have also gotten access to the addresses of these unfortunate customers.
The Office of the Attorney General (OAG) determined that, in addition to failing to appropriately configure the cloud storage containers to limit access to their contents, at the time of the incident, Wegmans failed to inventory its cloud assets containing personal information, secure all user passwords, and regularly conduct security testing of its cloud assets. In addition, Wegmans maintained checksums derived from customers’ driver’s license numbers without a reasonable business purpose to maintain any form of driver’s license information indefinitely. Wegmans owes $400,000 in penalties to the New York government because of its disappointing data security practices.
Is it worth compromising your own data just to get some groceries? In a digital age where the importance of data security is ever-increasing, why make such a grave blunder as to leave your data in places where it has been known to be leaked? At Wheel Food, we have state-of-the-art security practices, and we do not store any data other than email (for notifying users that the truck is in their area).
Reject Wegmans, return to Wheel Food
Wow...thank you once again for another eye-opening article!
wow...I HATE WEGMANS
Goodness, I cannot believe that Wegmans could do such a thing. Such weak security. And what were they planning on doing with my data anyways? 🤔