Supermarket chain Whole Foods Market Inc has admitted that the company suffered a major data breach through its payment card systems.
In an announcement, they revealed the breach happened through their ‘taprooms’ and full table-service restaurants inside some 40% of their stores, rather than through its checkout services.
This is significant as the company uses a separate payment system for its bars and restaurant to its grocery checkout stations, with most of their customers using the latter. Any breach involving card and banking information is, of course, incredibly serious.
U.K. customers may be at risk
The major supermarket has some 449 stores, nine of which are here in the UK, and seven of the nine stores in the UK have a café or bar area. Primarily located in London, anyone who has popped in for a drink or a meal may be at risk.
Whole Foods states that it launched an investigation into the breach, enlisting the help of a “leading cyber security forensics firm”. They also confirmed that they informed the relevant authorities.
The company’s rather short statement advises customers to take caution and check their bank statements, and alert their banks of any unusual activity.
Having been recently acquired by Amazon for around £10 billion, the data breach statement from Whole Foods confirmed that Amazon.com is not connected to the company’s systems and are not affected by the breach.
The breach is yet another attack on an organisation that collects and stores a lot of payment card information. Previous incidents have seen multiple restaurants and hotels (including the InterContinental Hotel Group) being hacked through their card payment systems in order to steal credit card details. Late September saw popular fast-food chain Sonic open investigations into an apparent data breach through its payment card systems too.
Other fast-food stores like Chipotle and Wendy’s have also reportedly fallen victim to hackers. While some cybercriminals might like a challenge in targeting big companies, many may just want to make some quick easy money. Targeting restaurants with weak cybersecurity is one way of doing just that.
Verizon has completed a report on this epidemic and warns that organisations aren’t doing enough to protect their payment card systems, either internally or by vetting and restricting access for third party Point of Sale (POS) providers. The 2017 Data Breach Investigations Report calls for proper data breach detection and response measures to mitigate and control damage.
The Whole Food hack comes as Equifax is still reeling from their colossal data breach that saw millions of customers put at risk of fraud and further attacks. Equifax failed their customers when it delayed reporting the breach and only recently revealed that thousands of U.K. Equifax customers were also affected by the data breach.
For help and advice, please contact our team on 0800 634 75 75 or by using the callback form below or speak to our data breach team live by using our LiveChat facility.