Whole Foods has been in the news lately due to its recent acquisition by Amazon, which brought about in-store discounts for Amazon Prime members. Unfortunately, not everything is peachy at Whole Foods: in late September, the grocery outlet suffered a large-scale data breach, in which several of its point-of-sale systems in their taprooms and full table-service restaurants lost customers’ private information to hackers in an invasion of their payment processing system.
Despite their acquisition by Amazon, Whole Foods assured their customers in a press release on September 28th that Whole Foods systems are not connected to Amazon’s, and that customers’ purchases and payment information at Amazon were not in jeopardy. They also stressed that the credit card processing systems used on their main checkout terminals were not breached.
In an attempt to further secure their merchant services, Whole Foods announced that they had begun an investigation through a cyber security forensics firm, and had also reported the breach to law enforcement. Interestingly enough, neither Whole Foods nor Amazon suffered a significant hit in after hours trading.
Gizmodo reported that as many as 117 venues could have been impacted by the breach—and yet Whole Foods has been alarmingly silent about the exact nature and extent of the breach. They declined to reveal when they first discovered the breach, or how many customers may have been affected by it. In the wake of the devastating Equifax scandal in which millions of Americans’ private information was stolen, transparency following a data breach is more important than ever, and Whole Foods’ tight-lipped response—or lack thereof—is troubling.
Whether or not you were affected by this specific flub, it’s always important to keep in mind that this sort of thing can happen anywhere you shop, and it’s imperative that you know how to protect yourself in the event of a leak or attack. You should always monitor your accounts and ensure that no fraudulent purchases have been made without your knowledge, especially if you’re information might have been breached by hackers. If they have, immediately contact your financial institution to cancel the card and refute those charges.