Email Database Breach - Frequently Asked Questions
We were recently notified by our email service provider, Epsilon, that their email database was accessed by an unauthorized party. As a result of this breach, the customer names and email addresses contained in our database may have been exposed. Epsilon immediately identified and patched the vulnerability and contacted the appropriate authorities.
How will this affect you?
The only personally identifiable information exposed were customer names and email addresses. You may receive unsolicited emails (spam) as a result of this incident.
Suggestions to help protect your personal information while online.
Phishing is a method used to attempt to acquire personally identifiable information, such as social security numbers and credit card numbers. Typically an email message that appears to be from a credible party is used to attempt to elicit this information.
Always be wary of any messages that require you to provide any personally identifiable information by replying directly to the message. Legitimate companies would never request personally identifiable information through email.
Do not provide personally identifiable information through email
We would never ask you to send personally identifiable information, such as credit card numbers or social security numbers, via email. Email is not a secure method for sending sensitve information. Any request for personal information from us would require you to sign into your online account on the secured area of our website.
Beware of emails from unknown senders
If you don't know the sender, delete the message immediately. Criminals may send emails that contain viruses or attempt to have you send your personal information by appearing legitimate. Do not attempt to unsubscribe to unsolicited emails via the unsubscribe hyperlink within the message. This will only reveal that your email address is valid and make you a target.
Only provide sensitive information on secured webpages
Legitimate companies would never collect personally identifiable information on a unsecured webpage. Simple ways to identify if a web page is secure is to look for a lock in the status bar of your internet browser (browser dependent), or look for HTTPS at the beginning of the web page address. The "S" at the end indicates that the page is secure.
Is my personal or financial information at risk?
No, only names and email addresses were taken. All other customer information is secure. See "How will this affect you?" for further details.
Can I be taken off your email list?
Yes. To remove your email address from our email list, please sign into your online account, select Email Subscriptions and remove any marked selections.
What we are doing for future security?
Let us reassure you that we are taking necessary steps to safeguard your personal information. You may be aware of attacks on email marketing systems, therefore, we want to assure you that we take the safeguarding of your information seriously and that the appropriate authorities have been contacted regarding this incident.
Additionally, we have taken steps to minimize this type of exposure in the future. We will continue to take all appropriate measures to keep your personal information secure at Kroger.