YOU may want to think twice before handing over your ID to buy booze at major retailers, experts warn.
Your personal information may be stored and sold to third parties.
Some Kroger locations require your ID to be scanned before allowing you to buy age-restricted products[/caption]
Some cyber security experts say you should avoid having your ID scanned at retailers[/caption]
Or worse, it could fall into the hands of malicious actors.
Major retailers like Kroger may scan customers’ IDs before allowing them to purchase alcohol and other age-restricted products.
But some cyber security experts say that could be a risky move.
“I personally would not let them scan my ID for something like that,” Dave Hatter, an IT and cybersecurity consultant, told NBC affiliate WLWT 5.
Hatter said the major issue revolves around not only what type of information may be collected, but also how it’s used.
“Right now, companies are making enormous amounts of money just buying and selling data.
“They’re using it in ways the average consumer — who’s not a nerd like me — can’t understand, but probably wouldn’t even believe,” Hatter said.
Kroger maintains that it scans IDs solely to verify age.
“No personal information is stored,” Kroger said to WLWT in a statement.
“As we sell a variety of age-restricted products, this process allows for a seamless checkout experience for customers.”
EXPERT WARNINGS
Still, Hatter says you should avoid letting your ID be scanned.
“Especially if it’s some sort of corner mom-and-pop shop — who knows what they’re doing with your data?” Hatter said.
“Who knows if they’re even thinking about the security of your data?
“I’m not even saying it would be malicious.
“They could inadvertently leak it, or they might have an employee who understands the value of that data and steals it,” Hatter added.
But what does the law say? That varies by state.
Ohio prohibits grocery stores, liquor stores, and bars to sell or share personal data collected from ID scans.
However, a similar law currently doesn’t exist in Kentucky and Indiana.
But a new law going into effect January 1 would allow customers to opt out of having personal data from ID scans sold.
UNDER FIRE
Kroger came under fire in 2021 following a data breach tied to a file transfer service.
“This incident did not impact customer passwords, credit or debit card or digital wallet information,” Kroger said in a statement.
Hackers can steal information collected by retailers[/caption]
However, a preliminary investigation found employee data, pharmacy records and money services records may have been affected, according to Bitdefender.
But Kroger isn’t the only chain to come under cyber attack recently. The Co-op was forced to shut down part of its IT system following a breach.
And food-distribution company Sysco reached a $2.3 million settlement after a data breach.
