Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

US Supermarket Chain Wegmans Notifies Customers of Data Breach

US Supermarket Chain Wegmans Notifies Customers of Data Breach

Wegmans Food Markets notified customers that some of their information was exposed after the company became aware that two of its databases were publicly accessible on the Internet because of a configuration issue.

Wegmans is a 106-store major regional supermarket chain with stores in the mid-Atlantic and Northeastern regions (i.e., New York, Pennsylvania, New Jersey, Virginia, Maryland, Massachusetts, and North Carolina).

The store chain was founded in 1916, and it is one of the largest private companies in the US, employing more than 50,000 people.

No payment information exposed in the incident

“We recently became aware that, due to a previously undiscovered configuration issue, two of our cloud databases, which are used for business purposes and are meant to be kept internal to Wegmans, were inadvertently left open to potential outside access,” the supermarket chain said in a press release.

“This issue was first brought to our attention by a third-party security researcher and we then confirmed the configuration problem, beginning on or about April 19, 2021.”

After the data breach was discovered, Wegmans hired a leading forensics firm to investigate the incident and correct the database misconfiguration.

Customer information exposed in the data breach included names, addresses, phone numbers, birth dates, Shoppers Club numbers, and account e-mail addresses and passwords.

However, according to Wegmans, the databases contained only salted password hashes were both hashed and salted, with the actual passwords not being stored in the unsecured databases.

Also Read: Data Protection Officer Singapore | 10 FAQs

“Social security numbers were not impacted (Wegmans does not collect this information from its customers) nor was any payment card or banking information involved,” the company added.

Although all affected passwords were protected through hashing, as a conservative measure, you can change the password to your account, as well as for any other account for which you use the same password. It is generally a good idea to use a unique password for each online account you may have. – Wegmans

Credential stuffing attack warning three months earlier

In late March, the supermarket chain also notified customers of credential stuffing attacks using credentials stolen from other online services and affecting more than 2,7000 accounts in January.

“It is likely that your login credentials were taken from another source, for example, the compromise of another company or website, where you may have used the same or similar login credentials,” the company said in a notification letter sent to impacted customers in March.

“This is known as a ‘credential stuffing’ attack, which can occur when individuals use the same login credentials on multiple websites.”

After discovering the incident in mid-February, Wegmans found that the attackers could gain access to names, phone numbers, addresses, dates of birth, and Wegmans Shoppers Club Numbers associated with the compromised accounts.

Credit or debit card payment information was not exposed in the incident because Wegmans does not store such info on their servers.

Also Read: The DNC Singapore: Looking at 2 Sides Better

Wegmans also blocked the attacker’s access by forcing a password reset for all affected accounts to prevent future logins.

Impacted customers were also advised no to use the same credentials (i.e., emails and passwords) for multiple online platforms, including email, banking, social media, and other retailer accounts.

A Wegmans spokesperson was not available for comment when contacted by BleepingComputer earlier today.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us