News of the day is that another big company suffered a security breach, the victim is the Amazon-owned grocery chain Whole Foods Market.
Whole Foods Market has around 500 stores in the United States, United Kingdom, and Canada, the company acquired by Amazon for $13.7 billion in late August, it now notified customers a credit card security breach.
According to the security breach notification, crooks were able to gain unauthorized access to credit card information for customers who made purchases at certain venues like taprooms and full table-service restaurants located within some stores.
“Whole Foods Market recently received information regarding unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores.” read the data breach notification announcement. “These venues use a different point of sale system than the company’s primary store checkout systems, and payment cards used at the primary store checkout systems were not affected.”
At the time there the firm hasn’t provided details about the attack, it is still unclear which locations were affected and the total number of customers impacted.
The attackers targeted point-of-sale (POS) systems to siphon customer financial data.
The company pointed out that customers that used their payment cards only for groceries at Whole Foods were not affected, hackers targeted only certain venues which use a separate POS system.
Whole Foods Market clarified that hackers were not able to access Amazon transactions in the security breach.
The company is already investigating the incident and has hired a cybersecurity firm to help it, of course the firm promptly reported the incident to law enforcement.
“When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cybersecurity forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue,” states Whole Foods.
The firm encourages its customers to monitor their credit card statements and bank accounts and report any unauthorized charges.
Recently credit rating agency Equifax publicly disclosed a major breach that affected 143 million Americans, meanwhile the U.S. Securities and Exchange Commission (SEC) also admitted that hackers compromised its financial document filing system.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.