Last Revised: 07/14/2015

Grainger Detects Cybersecurity Incident

No Evidence of Impact to Customers, Suppliers or Employees

On June 2, 2015, Grainger’s IT security team discovered that the company was the subject of a cyberattack and that the intruders were able to access limited information on Grainger’s network. In response, Grainger immediately began following its cybersecurity protocol by working with leading cybersecurity experts to investigate the situation; implementing enhanced security measures; and quickly notifying law enforcement officials. The company has not experienced any service disruptions or outages as a result of the incident.

At this time, Grainger has no evidence there is any impact to customers, suppliers or employees because there is no indication that information such as social security numbers or government identification numbers, banking information or credit/debit card information have been compromised by this incident.

The company takes security seriously, and will continue to take appropriate measures to enhance the security of its systems.



Frequently Asked Questions

What happened?

 

On June 2, 2015, our internal IT security team detected unusual activity on our systems coming from an outside intruder. In response, Grainger immediately began following its cybersecurity protocol by working with leading cybersecurity experts to investigate the situation; implementing enhanced security measures; and quickly notifying law enforcement officials. The company has not experienced any service disruptions or outages as a result of the incident.

 

Has the issue been resolved?

 

Upon detecting the unauthorized activity on our systems, we immediately began implementing enhanced security measures to mitigate this intrusion. We continue to review and enhance our security measures with the assistance of leading external cybersecurity experts.

 

Is it safe to do business with Grainger right now?

 

Yes. Grainger has no evidence at this stage that any banking information or credit/debit card information have been compromised by this incident, and there have been no reports of customers experiencing ID theft, unauthorized transactions, or fraudulent use of their information as a result of this attack. Like other companies and organizations, Grainger is continuously enhancing its security protocols and practices by working closely with recognized external security experts and implementing additional recommended security enhancements.

 

Was the credit card payment process for www.grainger.com affected?

 

We have no evidence that any payment card processing methods were compromised as a result of this matter. It’s important to note that we work to protect customer card data by using a tokenization system that limits the number of credit or debit card numbers that enter our environment.

 

Do you know what kind of data may have been exposed and the extent of the breach?

 

At this time, Grainger has no evidence there is any impact to customers, suppliers or employees because there is no indication that information such as social security numbers or government identification numbers, banking information or credit/debit card information have been compromised by this incident.

 

Please call 1-800-356-0273 if you have questions about this incident.