- Hackers got into about 200 Walmart Spark accounts, the retailer said.
- The attackers also had access to Social Security numbers, dates of birth, and other personal information on drivers.
Hackers got access to some Walmart Spark drivers' accounts and personal information, including Social Security numbers.
The hack happened between December and the start of this month, trade publication Cybernews first reported on Tuesday. The attackers gained access to about 200 accounts, Walmart told Cybernews.
Walmart said that the hack was "an account takeover event (either through phishing or credential stuffing) – not a hack of Walmart systems," according to Cybernews. Hackers also had access to personal information on the drivers, including their Social Security numbers, driver's license numbers, dates of birth, names, and contact information.
Walmart notified the people whose accounts were affected by the hack, according to a copy of the letter it sent those drivers.
"With access to the profile, the unauthorized party may have also viewed documents related to your driver verification, tax information, and background checks," the letter states.
Walmart will provide free identity monitoring for affected drivers, according to the letter. It also suggests in the letter that drivers change their Spark passwords.
A Walmart spokesperson confirmed the hack and the company's response to Business Insider.
"Upon becoming aware, we launched an investigation, notified law enforcement, and took steps to secure drivers' account information," the spokesperson said. "We are communicating directly with drivers who may have been affected by this incident, working closely with law enforcement, and offering free identity monitoring services to confirmed impacted drivers."
Walmart has had multiple issues with security and identity verification on its Spark app, which relies on gig workers to make deliveries for the retailer.
Some Spark drivers said other people were using their accounts to deliver orders, BI reported earlier this month. The drivers said they only figured out that their accounts had been compromised after someone at Spark's driver support line told them their account had claimed more orders than they had actually delivered.
Drivers who use multiple Spark accounts with names other than their own appear to be common on the app, BI reported last year.
In response, Walmart has rolled out new security measures. Last fall, it started using a facial recognition tool to verify drivers' identities while they were using the app, for instance.
But the verification tool kicked some legitimate Spark drivers off the app, BI reported earlier this month.
Do you work for Walmart or Spark and have a story idea to share? Reach out to this reporter at abitter@businessinsider.com