(Bloomberg) -- Wegmans has been fined $400,000 for exposing the personal information of over three million consumers nationwide.

New York Attorney General Letitia James announced the fine on the grocery store chain and is requiring the company to upgrade its data security practices.

“Wegmans is paying the price for recklessly handling and exposing millions of consumers’ personal information on the internet. In the 21st century, there’s no excuse for companies to have poor cybersecurity systems and practices that hurt consumers,” James said in a statement.

Compromised data included names, addresses, mailing addresses and additional data derived from drivers license numbers of customers.

The breach was noticed in April 2021 when a researcher informed the company that data hosted Microsoft Azure was left unsecured and open to public access.

©2022 Bloomberg L.P.