Giant Eagle, a US supermarket chain based in Pennsylvania, is notifying employees that due to a portal issue, their personal information may be at risk of outside access.
The company was notified of the breach on May 24, when an employee found a potential issue within the MyHRConnection Team Member portal. Names and social security numbers were accessible to anyone with a MyHRConnection login.
While the number of affected individuals is currently unknown, the chain operates in a number of locations, and employees thousands of workers.
"It is also important to note that to date, we are not aware of any reports of identity fraud, theft or other harmful activity resulting from this issue," according to a notification released by Laura Karet, CEO of Giant Eagle.
The company has since disabled the functionality which allowed outside attackers in, and is taking the necessary steps to ensure the security of staff. As part of assistance, Giant Eagle is offering a free year of credit monitoring services to employees.
This case serves as a perfect example of the necessity of penetration testing measures within a company, as they can identify flaws before they become a problem.