Meal Kit Delivery Service Home Chef Announces Data Breach

(Bloomberg) -- Meal kit delivery service Home Chef announced a data breach Wednesday, two weeks after reports that its customer information was for sale on the dark web. Home Chef, which was acquired by Kroger Co. in 2018, said it was notifying customers of the breach but didn’t say how many customers were affected.

In a statement, Home Chef said that customer email addresses, names and phone numbers, in addition to the last four digits of credit cards, were affected. The breach also included encrypted passwords, and the hackers may have gained access to mailing addresses and information on the frequency of Home Chef deliveries, the company said.

On May 9, Bleeping Computer reported that 8 million Home Chef customer records were being offered for sale on the dark web. The records were available for purchase for $2,500.

Home Chef urged customers to change passwords following the breach. “We do not store complete credit or debit card information, nor maintain passwords in plain text,” according to Maris Callahan, a company spokesperson. “We are taking quick, aggressive actions to investigate this situation and prevent similar events from happening in the future.”

©2020 Bloomberg L.P.