Wegmans has reached an agreement with the state attorney general for leaving the personal information of more than three million customers exposed in the cloud.
Wegmans will pay the state $400,000 in penalties and must take several steps to keep the data secure from now on.
Attorney General Letitia James says the data was exposed for two or three years. The security weakness was discovered last year.
She says the compromised data included usernames and passwords for Wegmans accounts, as well as customers’ names, email addresses, mailing addresses, and data from drivers’ license numbers.