On March 15, 2023, Kroger Postal Prescription Services (“Kroger PPS”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”) after learning that confidential consumer information in the company’s possession was subject to unauthorized access. While the HHS-OCR listing does not provide the specific data types that were leaked, based on the company’s filing with the HHS-OCR, it would appear that the breach affected consumers’ protected health information. After confirming that consumer data was leaked, Kroger PPS began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification from Kroger Postal Prescription Services, it is essential you understand what is at risk and what you can do about it. As we’ve discussed in prior posts, healthcare-related data breaches have been on the rise in recent years because hackers are able to obtain a wealth of sensitive information that can be used to commit fraud or sold to other criminals. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Kroger Postal Prescription Services data breach, please see our recent piece on the topic here.
What We Know So Far About the Kroger Postal Prescription Services Breach
The available information regarding the Kroger Postal Prescription Services breach comes from the company’s filing with the HHS-OCR. However, at this point, information about the Kroger PPS breach is limited. Thus, all we know so far is that the incident involved “Unauthorized Access/Disclosure” of data that was stored on the company’s network server.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Kroger Postal Prescription Services began to review the affected files to determine what information was compromised and which consumers were impacted. Then, on March 15, 2023, Kroger Postal Prescription Services sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. According to the HHS-OCR, the Kroger PPS data breach affected the information of 82,466 individuals.
More Information About Kroger Postal Prescription Services
Founded in 1883, Kroger is a grocery retailer based in Cincinnati, Ohio. The company operates more than 2,700 grocery stores under various names in 35 states and Washington, D.C. Some of the Kroger stores include Food 4 Less, Jay C, Jay C Food Plus, Kroger, Kroger Marketplace, Owen's, Payless Super Market, Ruler, Harris Teeter, Smith’s, City Market, Fred Meyer and Fry’s Food and Drug. The Postal Prescription Services division oversees mail-order prescriptions. Kroger employs more than 500,000 people and generates approximately $144 billion in annual revenue.