- Law firms
- Related documents
The company and law firm names shown above are generated automatically based on the text of the article. We are improving this feature as we continue to test and develop in beta. We welcome feedback, which you can provide using the feedback tab on the right of the page.
(Reuters) - Supermarket chain Kroger Co has agreed to pay $5 million to resolve claims related to the recent data breach of Accellion Inc's file transfer service, according to court filings.
The deal would end claims against Kroger on behalf of about 3.82 million pharmacy customers and current and former employees whose personal information was compromised in the software vendor breach, according to a preliminary approval motion for the proposed class action settlement filed Wednesday in California federal court.
The lawsuit, one of several filed in the last few months against Kroger, Accellion or other Accellion customers, also names Accellion as a defendant. The proposed deal "resolves claims against Kroger only" and would also release claims in multiple Ohio actions and an Indiana action against the supermarket chain, the filing said.
Tina Wolfson of Ahdoot & Wolfson, an attorney representing the plaintiffs, didn't immediately respond to a request for comment. Nor did Amy Lally of Sidley Austin, which represents Kroger. Michael Rubin and Melanie Blunschi of Latham & Watkins, representing Accellion, also did not immediately respond to requests for comment.
Accellion disclosed to clients that hackers exploited vulnerabilities in its legacy file transfer product in December 2020 and January 2021. The incident affected a number of companies, universities and others, including the law firm Jones Day. Kroger publicly revealed on Feb. 19 that the personal data of some of its pharmacy customers and employees was compromised, according to the filing.
The plaintiffs in the proposed class action claim that Kroger and Accellion lacked sufficient data security practices to protect personal information, among other failings, and that Kroger botched an obligation to protect their sensitive information from being disclosed.
In addition to the $5 million settlement fund, Kroger has agreed to change its business practices under the proposed deal. That would include confirming that it has moved over to a "new secure file transfer solution," secure or destroy the personal information subject to the breach and boost its third-party vendor risk management program, according to the filing.
The Judicial Panel on Multidistrict Litigation rejected a bid to centralize cases against Accellion, Kroger, Flagstar Bancorp and others last month.
For the plaintiffs: Tina Wolfson of Ahdoot & Wolfson
For Kroger: Amy Lally of Sidley Austin
For Accellion: Michael Rubin of Latham & Watkins