Hudson Valley Customers’ Private Info Was Tossed in Dumpster
Medical information belonging to Hudson Valley residents was potentially exposed in a blatant disregard for privacy.
The New Jersey Attorney General announced that Wakefern Food Corp, which owns ShopRite supermarkets, and two of its stores have agreed to pay $235,000 and agree to new privacy measures after they failed to protect the personal information of almost 10,000 customers.
Authorities say the ShopRite supermarkets in Millville, NJ and Kingston, NY violated HIPPA laws and other anti-fraud acts in 2016 by improperly disposing of computers that contained sensitive information. Instead of being destroyed, the pharmacy computers, full of customers' private data, were simply thrown into dumpsters. The computers were used to store purchase information as well as customers' electronic signatures.
HIPPA laws require electronic devices to be erased, destroying any protected health information before being disposed of. Because this wasn't done, names, phone numbers, birthdates, driver’s license numbers, prescription numbers, medication names, dates and times of pick-up or delivery, and customer zip codes all may have been breached.
Wakefern has agreed to put new data protection measures in place and pay a fine of $235,000. Paul R. Rodríguez, the Acting Director of the Division of Consumer Affairs, says that pharmacy customers have a right to expect that their private information is handled properly and protected from falling into the wrong hands.
This settlement ensures that ShopRite supermarket pharmacies will be trained and monitored for HIPAA compliance to avoid future conduct that place consumers at risk for privacy invasion and identity theft.”
Authorities also allege that Wakefern and the ShopRite stores failed to properly train their staff, something that the company has agreed to fix with new online data privacy classes for employees.
Allison Berger, Senior Vice President and General Counsel of Wakefern, responded to the settlement.
Wakefern and its cooperative members have well-developed security measures in place to secure sensitive customer data. As the settlement recognized, Wakefern provides its members a way to properly dispose of electronic devices that include customer information. For these two particular devices, out of an abundance of caution and in accordance with law, the appropriate government agencies were notified. There have been no reports that any consumer information was accessed from the devices since the incident was first reported in 2017, and it should be noted that the information contained on the device did not include social security numbers or credit card information.