Shopping at Whole Foods might have cost customers more than just overpriced avocados.
The popular grocery chain, which Amazon bought for $13.7 billion in June, warned its customers that thieves had stolen payment card information at several of its stores. Point-of-sales attacks often target popular chains. Fast food joints like Chipotle and Wendy’s have been hit in the past with credit card information stolen. Cybercriminals often look for easy targets to make quick cash, and restaurants have shown that they’re simple to hack.
The cyberattack hit Whole Foods’ taprooms and restaurants, not their checkout lines, the company said. That’s because they have a different payment system at their taprooms and restaurants. The hack did not spread to Amazon’s payment servers because they’re not connected to Whole Foods’ stores.
Whole Foods has 449 stores in the US, more than 40 of which sells beer on tap. It’s unclear how many restaurants Whole Foods has.
“While most Whole Foods Market stores do not have these taprooms and restaurants, Whole Foods Market encourages its customers to closely monitor their payment card statements and report any unauthorized charges to the issuing bank,” the company said in a statement.
Whole Foods did not respond to a request for comment on how many people are affected, and which stores were hacked.
The Amazon-owned grocery chain said it’s working with a cybersecurity forensics firm and law enforcement to investigate who is behind the attack.