Whole Foods hacked: Customer payment card details stolen from in-store restaurants and taprooms
Whole Foods is the latest in a series of major US chains to have suffered a data breach.
Whole Foods, the popular grocery chain recently acquired by technology giant Amazon, suffered a data breach that saw hackers gain access to credit card data of customers who made purchases at some of its in-store taprooms and restaurants.
The popular grocery chain said on Thursday (28 September) that it recently received information regarding "unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores".
Whole Foods said hackers targeted point-of-sale systems to swipe customers' payment card data.
"These venues use a different point of sale system than the company's primary store checkout systems, and payment cards used at the primary store checkout systems were not affected," the company said in a release. "When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cyber security forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue."
Whole Foods said the investigation is ongoing and will provide updates as it progresses.
The company did not offer specific details regarding which locations were targeted or how many customers were affected in the breach. There are more than 40 Whole Foods stores across the US that sell beer on tap. IBTimes UK has reached out to Whole Foods for comment.
It also clarified that the in-store taprooms and restaurants use different payment systems than Whole Foods check-out counters.
"The Amazon.com systems do not connect to these systems at Whole Foods Market," the firm added, noting that transactions on Amazon's website have not been impacted in the breach.
The disclosure comes just days after American burger chain Sonic Drive-In revealed it suffered a data breach that may have resulted in millions of stolen credit and debit card accounts put up for sale on the dark web, priced between $25 and $50 per piece.
Whole Foods is the latest in a series of major US chains to have suffered a data breach. Other US restaurant chains including Wendy's and Chipotle revealed they were targeted by hackers in recent months as well.
In 2016, Wendy's admitted that more than 1000 restaurant point-of-sale systems were infected with malware in a major breach. In May, popular Mexican fast food chain Chipotle said "most, but not all" of its restaurants were targeted by hackers to swipe customers' payment card data using malware between 24 March and 16 April this year.
© Copyright IBTimes 2024. All rights reserved.