BOSTON (AP): Kroger Co. says personal data including Social Security numbers of some of its pharmacy and clinic customers may have been stolen in the hack of a third-party vendor’s file-transfer service.

The Cincinnati-based grocery and pharmacy chain says it believes less than 1% of its customers were affected as well as some current and former employees because a number of personnel records were apparently viewed. It says it is notifying those potentially impacted customers, offering free credit-monitoring.

Kroger said it was among victims of the December hack of a file-transfer product from Accellion, a California-based company. Other victims include the University of Colorado and Washington State’s auditor.