Wegmans Food Markets notified customers that some of their information was exposed after the company became aware that two of its databases were publicly accessible on the Internet because of a configuration issue. Customer information exposed in the data breach included names, addresses, phone numbers, birth dates, Shoppers Club numbers, and passwords. Social security numbers were not impacted in the incident. Credit or debit card payment information was not exposed because the supermarket does not store such info on their servers. The company also notified customers of credential stuffing attacks using credentials stolen from other online services and affecting more than 2,7000 accounts.
Source: https://www.bleepingcomputer.com/news/security/us-supermarket-chain-wegmans-notifies-customers-of-data-breach/