A settlement was reached, holding The Kroger Co.(the Defendant) responsible for alleged damages arising from the “large and preventable” third-party vendor Accellion data breach which exposed the personal — and in some cases, financial — information of Kroger’s past and current employees and staff in or around December 2020.
The plaintiffs claimed that Kroger, based on its Notice of Data Breach letter, learned of the incident by January 23, 2021 yet did not duly alert all those affected—former and current employees—until nearly two months later. The lawsuit alleges that Kroger “was aware and had full knowledge” of Accellion’s “lax” data security on the platform yet did nothing about it. Before the breach, Accellion allegedly encouraged Kroger to “move to a newer and more secure transfer platform”, away from the outmoded FTA file-transfer product.
Who’s Eligible
You may be a Class Member if you are a United States resident and current or former employee of Kroger’s or of any of its subsidiaries, affiliates, or parent companies, and/or if you were a customer of Kroger’s, whose personal information, including your name, email address, other contact information, birthdate, Social Security number, and in some cases even salary information (e.g., net and gross pay and withholdings) were accessed by hackers in the large-scale data breach in or around December 2020.
Settlement Pool: $5,000,000
Potential Award:
Class Members may get:
(a) an estimated average cash payment of $91 (for non-California residents), or $181 (for California residents), or
(b) two years of credit monitoring and insurance services, or
(c) a reimbursement payment of up to $5,000 in *documented losses*, and
(d) prospective relief and a change in business practices attributable to the settlement
Claim Form Deadline:
March 5, 2022.