In April 2018, W.W. Grainger, Inc. disclosed a data breach that occurred between September 26, 2017, and October 12, 2017, involving unauthorized access to its online payment system. The incident exposed sensitive customer payment details, including credit card numbers, security codes, expiration dates, names, and addresses of individuals who made transactions on Grainger’s website during the affected period. The breach was reported to the California Office of the Attorney General, highlighting the compromise of financial data linked to customer purchases. While the exact number of affected individuals was not specified in the report, the exposure of full payment card information posed a significant risk of fraudulent transactions, identity theft, and financial losses for customers. The breach did not involve broader personal data leaks (e.g., Social Security numbers or internal employee records) but focused primarily on credit card-related fraud risks. Grainger likely faced reputational damage and potential regulatory scrutiny due to the failure to protect customer financial data during the breach window.

The Washington State Office of the Attorney General reported a data breach involving W.W. Grainger, Inc. on September 18, 2017. The incident occurred on August 23, 2017, when a laptop containing personal information of approximately 725 employees was stolen; this data included names and Social Security numbers. Grainger is offering 12 months of complimentary identity protection and credit monitoring services to affected individuals.

The California Office of the Attorney General reported a data breach involving W.W. Grainger, Inc. on November 18, 2015. A coding error in the Grainger.com mobile apps led to the potentially unauthorized storage of unsecured usernames and passwords. The breach was identified on October 27, 2015, and no payment card information or other personal information was affected.