Wegmans alerts customers their personal information may have been compromised

ROCHESTER, N.Y. (WROC) — Wegmans officials are alerting customers that their personal information, such as names, addresses, phone numbers, birth dates, email addresses and more, may have been vulnerable to outside parties.

In a press release, Wegmans officials said databases used to store internal customer information were “inadvertently left open to potential outside access.”

From Wegmans

To our valued Wegmans customer:

We appreciate your business and the trust you place in us. We take data security very seriously and wanted to inform you of an incident involving your information.

What Happened?

We recently became aware that, due to a previously undiscovered configuration issue, two of our cloud databases, which are used for business purposes and are meant to be kept internal to Wegmans, were inadvertently left open to potential outside access. Certain customer information, outlined below, was contained in these databases. This issue was first brought to our attention by a third-party security researcher and we then confirmed the configuration problem, beginning on or about April 19, 2021. We then worked diligently with a leading forensics firm to investigate and determine the incident’s scope, identify the information in the two databases, ensure the integrity and security of our systems, and correct the issue.

What Information Was Involved?

The types of impacted customer information included: names, addresses, phone numbers, birth dates, Shoppers Club numbers, as well as e-mail addresses and passwords for access to accounts. However, all impacted account passwords were, in technical terms, “hashed” and “salted,” meaning that the actual password characters were not contained in the databases.

Social security numbers were not impacted (Wegmans does not collect this information from its customers) nor was any payment card or banking information involved.

What We Are Doing

When we discovered the issue, we worked with leading outside experts to investigate the matter. We have since corrected configurations and secured all affected information. We have also taken steps to avoid the occurrence of similar issues in the future.

What You Can Do

Although all affected passwords were protected through hashing, as a conservative measure, you can change the password to your account, as well as for any other account for which you use the same password. It is generally a good idea to use a unique password for each online account you may have.

Additionally, if you would like to obtain general information regarding how to help prevent identity theft, you may contact the Federal Trade Commission using the following information:

Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, D.C. 20580

For similar information, and if you are a New York resident, you may also contact the New York Department of State Division of Consumer Protection ( or the New York State Attorney General (

More Information

If you have questions, please contact 1-855-535-1851.

Check back with News 8 WROC as we will continue to update this developing story.

Leave a Reply

Your email address will not be published.

18 + 15 =