Hackers Steal Kroger's Customer List

wiredmikey writes "Kroger, the nation's largest traditional grocery retailer with more than 338,000 associates, notified customers today of a breach of the database that stores its customers' names and email addresses. The company said the incident occurred at Epsilon, the third-party vendor Kroger uses to manage its customer email database." Reader SatanClauz SatanClauz quotes the email that went out to Kroger customers ("We were notified and became aware of unauthorized access to our email list by someone outside our company. We want to assure you that the only information that was obtained were names and email addresses."), writing "At least they were smart enough to separate the email db from the rest of customer information! — or so they say..."

Names and email addresses?

[ruiner13]

So, they got information that sites like Facebook make completely public anyway? I'm sorry, I guess I'm just all out of unwarranted outrage and fear today. Wake me up when they have credit card numbers, SSNs, or something like my mother's maiden name. You know, stuff that can actually be used for something malicious. All they can do now is send me an email with *gasp* my name in it!

Re:Names and email addresses?

[Anonymous Coward]

So, they got information that sites like Facebook make completely public anyway? I'm sorry, I guess I'm just all out of unwarranted outrage and fear today. Wake me up when they have credit card numbers, SSNs, or something like my mother's maiden name. You know, stuff that can actually be used for something malicious. All they can do now is send me an email with *gasp* my name in it!

Does that tell you something about this breach, or about the culture surrounding Facebook?

Not everybody wants their online contact info to be an open book. Not everyone on this customer list has a Facebook account. You can join the crowd that lowers the bar on privacy expectations and you will have much company. There will be many millions nodding their heads and agreeing with you and validating your opinion. The part you don't seem to appreciate is that they embrace it voluntarily. Not everyone does. That's why it took a system compromise to get this data.

Re:Tortious?

[by (1706743)]

I didn't realize that anyone filled them out with real information. Why would you? To help Kroger track trends and marketing? Forget that, just give me the discount. :P

Filling them out with fake information is almost as useful for them (assuming you do indeed use the card). Think of it as a click-tracking cookie, but for a supermarket instead of a web site. Sure, it's nice to have all the personal information you can get, but it's still useful without that.

Certain demographic statistics will get screwed up, of course (wow, that 82 year old woman sure loves her beer, Oreos and frozen pizza!). However, a huge reason that discount cards are issued is for statistical information on purchases relative to each other. If you're in a supermarket and you see two seemingly unrelated items next to each other, there's a chance that there's a purchasing correlation.

Third party

[Zedrick]

"third-party vendor Kroger uses to manage its customer "... why the hell are they using a third-party anything to manage THEIR customer data?

Oh, oh, I know! Because they don't care about their customers data, and want the option to sue + put the blame on someone if something goes wrong.

Re:Tortious?

[Anonymous Coward]

Filling them out with fake information is almost as useful for them (assuming you do indeed use the card).

So what? The idea is to protect my privacy, not try to intentionally be a dick to them. I'm glad the fake information I gave them is still useful.