Whole Foods is investigating a credit-card security breach
Another day, another cybersecurity breach.
Whole Foods Market — which was recently acquired by tech giant Amazon — said Thursday that hackers were able to gain access to credit card information for customers who made purchases at some of its in-store taprooms and restaurants.
The company did not disclose details about the locations that were targeted or how many customers might have been effected.
The tap rooms and restaurants use different payment systems than Whole Foods check-out counters, the company said. “Amazon.com systems do not connect to these systems,” the company clarified in a press release.
Amazon did not return a request for comment.
“When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cyber security forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue,” the company said. Whole Foods says it plans to provide updates throughout the investigation.
Hackers targeted “point of sale systems” — or the machines where customers swipe or insert their cards — in order to steal the data, according to the press release.
Sound familiar? The news comes just one day after reports that Sonic, the drive-in restaurant chain, suffered a strikingly similar problem.
KrebsOnSecurity, a notable cybersecurity blog, had identified a potential breach at some Sonic restaurants that was likely executed the same way Whole Foods says it was hacked — remotely via point of sale systems.
Krebs estimates millions of credit and debit card numbers could have been stolen in that hack.
Two other restaurants — Wendy’s and Chipotle — suffered breaches earlier this year for similar reasons.
Wendy’s said in July that point of sale systems at more than 1,000 of its U.S. restaurants were targeted by hackers, compromising an unknown number of credit and debit cards.
Chipotle was hit in March and April. The company said in May that “most, but not all” of its restaurants may have been involved in a credit-card theft scheme carried out by hackers who installed malware on cash registers.
The Whole Foods breach also follows one of the most high-profile data breaches in history.
Just weeks ago, credit reporting bureau Equifax admitted that hackers were able to gain access to personal information for as many as 143 million Americans. That breach went beyond stolen credit card numbers — it put large numbers of individuals at risk for identity theft.