Amazon’s newest acquisition has taken steps to replace vulnerable checkout systems that cyber-thieves used to pilfer customer data.
Hackers gained unauthorized access to payment card information used at certain venues, such as tap rooms and full table-service restau-rants, located within some Whole Foods Markets stores. The incidents occurred between March 10 and Sept. 28. The company learned of the breach on Sept. 23, according to Whole Foods.
These venues use a different point-of-sale system than the company’s primary checkout systems, protecting them from
the breach. Amazon.com systems are also not connected to the affected systems, so the online giant’s transactions were not affected.
Over the six month period, the incident impacted about 100 venues in 30 states, including California, Florida, Pennsylvania and Virginia. Big cities including New York City, Chicago, Washington, D.C., were also targeted, according to 4-Traders.
Upon learning about the cyber-attack, Whole Foods conducted an in-vestigation with the help of a leading cyber security forensics firm and law enforcement. Efforts revealed that unauthorized software was present on the POS system at certain venues. The software copied payment card information, which may have included payment card account number, card expiration date, internal verification code, and cardholder names, according to the natural foods grocer.
Whole Foods Market has replaced the compromised POS sys-tems and stopped the unauthorized activity. The company also continues to work closely with the payment card companies, Whole Foods reported.