U.S. law requires major phone companies to wait seven days before letting users know about a data breach.

It's a rule that FCC Chairwoman Jessica Rosenworcel is hoping to change.

In January, she sent out a proposal that would eliminate "the current seven business day mandatory waiting period for notifying customers of a breach," along with several other changes designed to help people protect their data.

"The idea that I could have my phone hijacked by somebody else, and used in a way that appears to be me, puts a lot of other systems at risk," said Karen Worstell, a senior cybersecurity strategist at VMware, a company which provides multi-cloud services for all apps.

"That's the reason why the FCC is looking at notifying customers early. Customers have to make a choice about what they're going to do about their phone security."

It's an idea echoed by Rosenworcel.

"[T]hese rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected to consumers," Rosenworcel said in a written statement about the proposal.

"Customers deserve to be protected against the increase in frequency, sophistication and scale of these data leaks."

Not everyone agrees.

There are currently only four people serving on the five-person Federal Communications Commission, and they are split along party lines: two Democrats and two Republicans.

President Joe Biden's nominee to join the FCC, Gigi Sohn, has been stalled in the Senate for several months.

The Senate Committee on Commerce, Science and Transportation is scheduled to vote on her nomination Wednesday.

If approved, she would still have to pass a vote of the full Senate.

FCC action can't come soon enough to save most Americans from having their personal information exposed.

By one estimate, every person in the U.S. had their data stolen four times during 2019.

Breaches have become more common since then.

"We do seem to still have an under-reporting of breaches," Worstell said.

"I'm not exactly sure why. But the understanding is that there are breaches occurring that are not currently being reported. There's a few ways that companies can avoid doing a reporting of a breach. And so many of them may be taking advantage "

Worstell said it's important for all of us to keep an eye out for unfamiliar transactions on our bank or credit card accounts.

She recommended setting up alerts with your bank.

But the most important thing consumers can do, according to Worstell, is activating two-factor authentication on any apps containing personal data.

"Two-factor authentication just means that you have your name, your user id, your password, and another code, usually something that was sent to your phone," Worstell said.

"I would implement that everywhere. Everywhere. Passwords are absolutely worthless at this point in time. If you want to put in 17-character, complex passwords on all of your accounts, go ahead and do that. They're still breakable."

CINCINNATI — Kroger confirmed Friday that it was impacted by a data security breach affecting Accellion, Inc., a vendor it used for third-party secure file transfers.

"Kroger believes certain associate HR data, certain pharmacy records, and certain money services records have been affected," the company said on its website.

The company believes that fewer than 1% of its customers were impacted. The breach did not affect IT systems or any grocery store systems or data, Kroger said. No credit, debit card or digital wallet information were affected by the breach, nor were customer account passwords.

While Kroger said there is no indication of "fraud or misuse of personal information" due to the breach, the company is notifying potentially impacted customers and associates by mail. They are also offering free credit monitoring to those individuals "out of an abundance of caution."

The company said Accellion notified Kroger on Jan. 23 that an unauthorized person gained access to certain Kroger files by exploiting a vulnerability in Accellion’s file transfer service.

Kroger has since stopped using Accellion’s services, reported the incident to federal law enforcement and started its own forensic investigation.

If you have questions about the breach, Kroger's dedicated call center at 1 (855) 558-2999 can be reached Monday through Friday between 6 a.m. and 8 p.m. PT, and weekends from 8 a.m. to 5 p.m. PT.

For more information, click here.