Whole Foods Market has announced that payment card information of its customers were subjected to unauthorised access at certain taprooms and full table-service restaurants.
The breached point of sale system in use at the affected venues of Whole Foods Market is different from primary store checkout systems.
Whole Foods Market, which was recently acquired by Amazon for $13.7 billion, has hired a leading cyber security forensics firm to investigate the breach and has also informed law enforcement agencies.
The fact that the primary point of sale system being used by Whole Foods Market has not been breached indicates that the number of customers affected may not be high. However, the retailer has not disclosed the total number of affected customers as yet.
‘Whole Foods Market recently received information regarding unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores. These venues use a different point of sale system than the company’s primary store checkout systems, and payment cards used at the primary store checkout systems were not affected,’ the company said in a statement on its website.
‘While most Whole Foods Market stores do not have these taprooms and restaurants, Whole Foods Market encourages its customers to closely monitor their payment card statements and report any unauthorized charges to the issuing bank,’ it added.
The company also informed customers that transactions on Amazon.com were not impacted as such systems are not connected to the affected systems at Whole Foods Market. The retailer has neither identified the hackers in question nor has it laid blame on any individual or department for the breach. However, it has promised that it will keep providing additional updates on the breach as the investigation progresses.
The Whole Foods Market breach is yet another reminder of how point of sale systems owned by medium or large retailers are repeatedly breached by hackers looking to steal credit card details belonging to shoppers. They do so by hacking into servers which are used by PoS machines to transfer customers’ card details.
Earlier this year, it came to light that hackers had breached PoS servers used by as many as 12 hotels run by the InterContinental Hotels Group (IHG) in North America and the Caribbean between August 2016 and December 2016 and stole hundreds of credit card details.
According to the hotel group, “the malware searched for track data (cardholder name, card number, expiration date and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected server.”
Founded in 1980, Whole Foods Market now employs 87,000 people in more than 470 stores across the UK and the United States. The company has not confirmed which stores have been affected by the latest PoS breach but we will update this article with additional details once we know more.