{"id":41686,"date":"2021-07-09T15:00:40","date_gmt":"2021-07-09T15:00:40","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32454\/Kroger-Reaches-5M-Settlement-With-Breach-Victims.html"},"modified":"2021-07-09T15:00:40","modified_gmt":"2021-07-09T15:00:40","slug":"kroger-reaches-5m-settlement-with-breach-victims","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/","title":{"rendered":"Kroger Reaches $5M Settlement With Breach Victims"},"content":{"rendered":"
\n
Kroger reached a $5 million lawsuit settlement with individuals impacted by a breach reported in February, as the Supreme Court hands down a decision on who can seek damages when a breach occurs. Here, a Kroger pharmacy personnel administers a vaccine. (PRNewsfoto\/The Kroger Co.)<\/figcaption><\/figure>\n

Kroger reached a $5 million lawsuit settlement with individuals impacted by a breach reported in February. The settlement was the third legal action tied to a health care data breach this week, shedding light on the rise in breach-related lawsuit trends in the sector in the last few years.<\/p>\n

Meanwhile, the June 21 Supreme Court<\/a> decision on a case filed by Sergio Ramirez and 8,185 individuals against TransUnion concluded only individuals \u201cconcretely harmed\u201d by a breach violation have standing to seek damages against an entity. <\/p>\n

For Ron Raether, partner of Troutman Pepper, the settlement and Supreme Court decision shine a light on the challenge regulators face in addressing remediation of threats, breaches, and the ongoing ransomware crisis.<\/p>\n

\u201cRegulators have struggled with whether a carrot or stick will address these issues,\u201d said Raether. \u201cHowever, the stick approach will not move the needle. Instead, regulators and companies need to join together to fight this common enemy.\u201d<\/p>\n

Specifically, companies should be incentivized to invest more in information security through such tactics as tax breaks, while government and regulators should focus on greater access to tools and education, and eliminating the financial motives of the threat actors.<\/p>\n

Kroger settlement, at a glance<\/strong><\/p>\n

As it stands, health care entities are regulated by the Department of Health and Human Services for compliance with the Health Insurance Portability and Accountability Act rule. The regulation carves out requirements for privacy and security programs, for which the majority of providers comply.<\/p>\n

But compliance is often seen as a checklist and one in need of improvement as the rule was enacted in 2009 \u2013 long before the age of digital health and an increasingly sophisticated threat landscape. And even with the best security processes and tech, sometimes threat actors are still successful in their exploits.<\/p>\n

A key example of this can be seen with the Kroger incident. The pharmacy and supermarket chain was among the hundreds of victims affected by the supply-chain attack against Accellion\u2019s File Transfer Application in December.<\/p>\n

Hackers exploited several zero-day vulnerabilities in combination with a new web shell, which gave them access to at least 100 companies through its FTA service. The actors were able to steal troves of related data during the incident, including customer and employee information from Kroger.<\/p>\n

The attack was led by the Clop ransomware group, with many Accellion<\/a> clients reporting the actors contacted them directly and threatened to expose data stolen in the attack.<\/p>\n

About 1% of Kroger Health and Money customers were affected, including its pharmacy and health clinic patients. The data included health benefits information, Social Security numbers, prescription details, and contact information, among other sensitive data.<\/p>\n

Kroger promptly discontinued use of Accellion\u2019s services and reported the incident to law enforcement. But the 1.5 million customers impacted by the incident soon began filing lawsuits against Kroger, in addition to at least 15 lawsuits directed at Accellion for its role in the incident. About 3.8 million individuals, including employees, were affected by the Kroger incident, overall.<\/p>\n

The Kroger lawsuit accused the pharmacy chain of failing to implement and maintain data security practices able to safeguard client information and to detect the security vulnerabilities behind the breach, as well as inadequate security practices for personally identifiable information.<\/p>\n

\n
\n

\u201cThe stick approach used by regulators is ineffective. It will not generate change in individual companies (except those under immediate scrutiny).\u201d<\/p>\n

Ron Raether, Troutman Pepper Partner<\/cite><\/p><\/blockquote>\n<\/figure>\n

Kroger continually refuted these claims, as it worked to respond and remediate the impact of the breach, including providing those impacted with two years of credit monitoring and ID theft insurance. Kroger also worked closely with the FBI during its recovery and investigation, while retrieving the stolen data from the attackers with confirmation it would be destroyed.<\/p>\n

Further, Accellion never informed Kroger of the vulnerabilities in its legacy FTA service, Kroger claimed.<\/p>\n

Throughout the last several months, Kroger sought to consolidate some of the lawsuits. The settlement will resolve all claims in the Ohio actions. During that time, attorneys for both sides were able to reach an agreement to settle the litigation.<\/p>\n

The settlement will cover all US residents impacted by the Kroger incident and establish a $5 million settlement fund, or about 1% to 3% per impacted person. Those individuals with documented losses may file a claim for a reimbursement of up to $5,000.<\/p>\n

Kroger is also required to implement significant remedial measures as part of the settlement, as well, including confirmation that it will no longer use the Accellion FTA service and will migrate to another secure file transfer solution.<\/p>\n

In addition, Kroger must undertake measures to secure and destroy the data stolen or accessed during the security incident. Kroger is also require to enhance its existing third-party vendor risk management program and conduct periodic reviews of all file transfer services or other software used to transfer customers\u2019 personally identifiable information.<\/p>\n

Kroger is also required to monitor the dark web for indications of fraudulent activity, stemming from the data stolen during the Accellion hack.<\/p>\n

The settlement shares similarities with other health care breach lawsuits settled in the last two years, such as the June 2020 settlement for $2.8 million between UnityPoint Health and the millions of patients impacted by two phishing-related breaches in 2017 and 2018.<\/p>\n

The most recent health care-related settlement was reached between breach victims of a nine-year breach of insurance giant Dominion National for $2 million<\/a>.<\/p>\n

\u201cThe value of a class settlement depends on numerous factors, many of which have no ties to the risk or the economic realities of the situation at hand,\u201d said Raether. \u201cBut more to the point, class actions do even less to incentivize aggregate change than regulatory actions.\u201d<\/p>\n

\u201cOur current system of using the stick to cause change is not working,\u201d he added.<\/p>\n

Supreme Court defines \u201cactual harm\u201d<\/strong><\/p>\n

Many of these lawsuits vary widely in terms of financial restitution and for how judges define \u201cactual harm.\u201d To Raether, the Supreme Court decision in TransUnion vs. Ramirez in 2021 shines a light on some of these gray areas and how the onus of proof falls to the victims.<\/p>\n

Ramirez sued TransUnion after a dealership declined to sell him a vehicle as his name appeared on a \u201cterrorist list.\u201d TransUnion implemented the measure to help companies prevent doing business with suspected criminals.<\/p>\n

However, the list in question compares consumer names with the Office of Foreign Assets Control\u2019s list and then places an alert on the credit reports of consumers with possible matches. At the time, TransUnion only compared data against first and last names.<\/p>\n

If the name of the consumer matched with the name of an individual on the OFAC list, TransUnion would place an alert on the consumer\u2019s credit report to indicate the individual was a potential match to a name on the OFAC list.<\/p>\n

The decision<\/a> established key areas of actual harm that could impact future data breach lawsuits in the future, including those in health care. In particular, the federal judiciary power is confined to resolve cases and controversies when plaintiffs have a personal stake to sue the entity accused of a violation.<\/p>\n

\u201cRamirez is a potentially far-reaching opinion, with impact well-beyond the Fair Credit Reporting Act,\u201d explained Raether. \u201cThe implications of which are sure to be debated in the coming months in the lower courts.\u201d<\/p>\n

\u201c<\/strong>It is clear plaintiffs need more than a statutorily created right (public or private) and fear of future misconduct to make their way into federal court,\u201d he added. \u201cWhether that statutory right can find a sufficient common law foundation to create a concrete injury, or whether an informational right can be established, will be debated by litigants by reference to Ramirez and the Supreme Court\u2019s many other standing decisions.\u201d<\/p>\n

As such, the case concretely makes the case that it\u2019s the judiciary and not Congress charged with determining whether actual harm exists, based on historical injury. Raether explained that given the facts presented in Ramirez, the assertions fall short of the \u201cconcrete harm\u201d standard.<\/p>\n

\n
\n

\u201cIn cases where no statutory claim exists, like HIPAA, it creates further challenges on claims that the loss of the data to the hacker somehow diminished the value of the data.\u201d<\/p>\n

Ron Raether, Troutman Pepper Partner<\/cite><\/p><\/blockquote>\n<\/figure>\n

Further, Congress cannot rewrite HIPAA to create a private right of action able to confer standing. Raether stressed that the Ramirez decision clearly shifts Congressional power in this area to the judiciary. The full extent of the decision will likely be seen in the future.<\/p>\n

As it stands, Raether explained that Ramirez establishes the definition of actual harm. Individuals filing lawsuits against companies that breach their data and claims for damages must have an analogue to a common law tradition; or \u201cfactual evidence\u201d of some type of  materialized actual harm, which could be in the form of emotional distress, out of pocket loss, \u201cdownstream consequences\u201d in the form of altered conduct or a denial of a credit opportunity, etc.<\/p>\n

Further, it appears the Ramirez decision has made the \u201crisk of harm\u201d a dead letter issue, outside of claims for injunctive relief that must demonstrate that the risk of harm in the future is both imminent and substantial.<\/p>\n

\u201cThat is potentially significant for data breach cases, as risk of harm is the traditional rubric by which such cases are litigated from a standing perspective,\u201d said Raether. \u201cIn some jurisdictions, where mitigation costs have already not been deemed sufficient for standing, some other form of concrete harm is required.\u201d<\/p>\n

\u201cBut, in other jurisdictions, mitigation costs may be regarded as sufficient even after Ramirez,\u201d he added. \u201cAt the very least, however, these requirements will impose an impediment to class certification, as such damages are generally not subject to common proof.\u201d<\/p>\n

The decision also dealt informational injury claims a significant blow, as it held there can be \u201cno standing based on a claim of informational injury absent individual proof of downstream consequences due to the lack of information.<\/p>\n

For data breach cases that challenge an entity\u2019s failure to provide timely notice in the wake of the breach, the decision will have significant ramifications, explained Raether.<\/p>\n

\u201cIn cases where no statutory claim exists, like HIPAA, it creates further challenges on claims that the loss of the data to the hacker somehow diminished the value of the data,\u201d he added.<\/p>\n

Indeed, we should see an increased emphasis on the nature of the data at issue, creating further individual issues that defeat class certification.\u201d<\/p>\n

Overall, the Ramirez decision underscored that breach victims must provide actual, factual proof of standing or harm to satisfy legal requirements. The decision emphasized the Court\u2019s assertion that victims must present evidence of factually established harm.<\/p>\n

Moving forward<\/strong><\/p>\n

The Supreme Court further instructed that courts can\u2019t simply presume concrete harm. Raether stressed that\u2019s a high bar that will \u201clikely alter how class actions are litigated from a discovery perspective moving forward.\u201d<\/p>\n

Although Ramirez has been decided, Raether believes there will be a continued battle around both sides of the question of proof given difficulties in finding individuals who\u2019ve been an immediate victim of an attacker. And nearly all consumers have been involved in data security incidents, which will further fuel the challenge the tracing of alleged harm.<\/p>\n

Raether believes it\u2019s the time to rethink whether using courts to fight these battles are the best for the country\u2019s overall economic interests.<\/p>\n

\u201cDismissals for lack of standing are not on the merits. For that reason, Justice Clarence Thomas also warned that Ramirez may be a \u2018pyrrhic victory\u2019 for TransUnion because it does not prohibit Congress from creating statutory rights, but only holds that federal courts lack jurisdiction to enforce them absent a concrete harm,\u201d explained Raether.<\/p>\n

\u201cIn other words, state courts, unbounded by Article III, may now be the \u2018sole forum\u2019 for such cases,\u201d he added.<\/p>\n

As for whether Congress or a federal agency will mandate specific security standards to better enforce data protection measures, Raether believes it\u2019s doubtful. Security practices and needs vary by entity and require consideration of key elements specific to the organization.<\/p>\n

Addressing the current ransomware crisis, particularly in the health care space, is and will continue to be complicated. Raether noted that threat actors have learned how to exploit the economy of scale central to efficient IT operations to get the most out of a single compromise.<\/p>\n

Instead of relying on Congress or federal action, entities across all sectors should move toward a collective response and beyond sharing known threats. Instead, Raether believes that defense-in-depth measures must be present across all sectors.<\/p>\n

Further, all organizations need to shift away from audit-based standards and look toward NIST, Mitre [email protected]<\/a>, and other relevant frameworks.<\/p>\n

\u201cWe need to make a move past looking at information security as a secondary consideration and realize that the threat is real for every organization, making it time to build security into every aspect of IT from dev to ops,\u201d said Raether.<\/p>\n

\u201cThe stick approach\u2026 used by the regulators is so ineffective,\u201d he continued. \u201cIt will not generate change in individual companies (except those under immediate scrutiny) and thus will not incentivize global efforts which is what is needed to stop these organized criminals.\u201d<\/p>\n<\/p><\/div>\n

\n

Topics:<\/h2>\n

Breach<\/a> Compliance<\/a> Healthcare<\/a> <\/section>\n

READ MORE HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

READ MORE HERE…<\/p>\n","protected":false},"author":2,"featured_media":41687,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[2224],"class_list":["post-41686","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackergovernmentprivacyusadata-loss"],"yoast_head":"\nKroger Reaches $5M Settlement With Breach Victims 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kroger Reaches $5M Settlement With Breach Victims 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-09T15:00:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/kroger-reaches-5m-settlement-with-breach-victims.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"614\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kroger-reaches-5m-settlement-with-breach-victims\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kroger-reaches-5m-settlement-with-breach-victims\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Kroger Reaches $5M Settlement With Breach Victims\",\"datePublished\":\"2021-07-09T15:00:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kroger-reaches-5m-settlement-with-breach-victims\\\/\"},\"wordCount\":2230,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kroger-reaches-5m-settlement-with-breach-victims\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/kroger-reaches-5m-settlement-with-breach-victims.jpg\",\"keywords\":[\"headline,hacker,government,privacy,usa,data loss\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kroger-reaches-5m-settlement-with-breach-victims\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kroger-reaches-5m-settlement-with-breach-victims\\\/\",\"name\":\"Kroger Reaches $5M Settlement With Breach Victims 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kroger-reaches-5m-settlement-with-breach-victims\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kroger-reaches-5m-settlement-with-breach-victims\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/kroger-reaches-5m-settlement-with-breach-victims.jpg\",\"datePublished\":\"2021-07-09T15:00:40+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kroger-reaches-5m-settlement-with-breach-victims\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kroger-reaches-5m-settlement-with-breach-victims\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kroger-reaches-5m-settlement-with-breach-victims\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/kroger-reaches-5m-settlement-with-breach-victims.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/kroger-reaches-5m-settlement-with-breach-victims.jpg\",\"width\":1024,\"height\":614},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kroger-reaches-5m-settlement-with-breach-victims\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,privacy,usa,data loss\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentprivacyusadata-loss\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Kroger Reaches $5M Settlement With Breach Victims\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Kroger Reaches $5M Settlement With Breach Victims 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/","og_locale":"en_US","og_type":"article","og_title":"Kroger Reaches $5M Settlement With Breach Victims 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-07-09T15:00:40+00:00","og_image":[{"width":1024,"height":614,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/kroger-reaches-5m-settlement-with-breach-victims.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Kroger Reaches $5M Settlement With Breach Victims","datePublished":"2021-07-09T15:00:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/"},"wordCount":2230,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/kroger-reaches-5m-settlement-with-breach-victims.jpg","keywords":["headline,hacker,government,privacy,usa,data loss"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/","url":"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/","name":"Kroger Reaches $5M Settlement With Breach Victims 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/kroger-reaches-5m-settlement-with-breach-victims.jpg","datePublished":"2021-07-09T15:00:40+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/kroger-reaches-5m-settlement-with-breach-victims.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/kroger-reaches-5m-settlement-with-breach-victims.jpg","width":1024,"height":614},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/kroger-reaches-5m-settlement-with-breach-victims\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,privacy,usa,data loss","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentprivacyusadata-loss\/"},{"@type":"ListItem","position":3,"name":"Kroger Reaches $5M Settlement With Breach Victims"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=41686"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41686\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/41687"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=41686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=41686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=41686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}