Amazon’s new acquisition becomes data breach target

Cyber-thieves have found their way into Whole Foods Markets’ payment network.



The natural foods grocer, which Amazon purchased for $13.7 billion in August, learned that payment card information processed at certain venues within some of its stores, such as taprooms and full table-service restaurants, has been breached. These venues use a different point-of-sale system than the company’s primary checkout systems.



The transactions seem to be contained among these Whole Foods’ entry points, as payment cards processed at the primary store checkout systems were not affected. Since parent company Amazon’s systems do not connect to those at Whole Foods, Amazon transactions also have not been impacted, the grocer reported.



“This is still noteworthy however, because it might be the first big ’traditional brick-and-mortar’ cyber-challenge that Amazon will need to overcome following its acquisition of Whole Foods,” Paul Martini, CEO of iboss told Chain Store Age.



Upon learning about the incident, the grocer launched an investigation. In addition to contacting law enforcement, Whole Foods is working with a leading cyber security forensics firm, and taking appropriate measures to address the issue.



The company’s investigation is ongoing, and it will provide additional updates as it learns more, Whole Foods said.



While most Whole Foods stores do not have these taprooms and restaurants, the grocer encourages its customers to closely monitor their payment card statements and report any unauthorized charges to their issuing bank.



“Retail chains are high-priority targets because not only do they give cyber-criminals easy access to financial information, but their networks are also are very distributed — with multiple locations, offices and often various different point of sale systems. This means attackers have multiple entry points to choose from,” Martini said. “Distributed networks like retail stores have very unique challenges, and you’re going to continue to see breaches like this unless the big chains get serious about preventing attacks.”