Whole Foods: We've been hacked and your credit and debit card data could be compromised

Just Whole Foods, definitely not its new owner Amazon, the company claims

Whole Foods, the upmarket US supermarket chain recently acquired by Amazon, has admitted to a point-of-sale data breach compromising customers' credit and debit card details.

The company was quick to asset that the breach has only affected Whole Foods breach and not Amazon.com (or Amazon.co.uk).

However, Whole Foods was only alerted to the breach following a report by an outsider - indicating that its own internal IT and security teams hadn't detected any anomalous activity.

"Whole Foods Market recently received information regarding unauthorised access of payment card information used at certain venues, such as taprooms and full table-service restaurants located within some stores.

"These venues use a different point of sale system than the company's primary store checkout systems, and payment cards used at the primary store checkout systems were not affected," it said.

"When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cyber security forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue."

This means that anyone who has bought food and drink to eat on their premises may need to cancel their cards (again), as well as checking their statements more closely.

Whole Foods has promised to contact customers whose payment data might have been compromised.

"The company's investigation is ongoing and it will provide additional updates as it learns more," added the firm.

It continued: "Whole Foods Market encourages its customers to closely monitor their payment card statements and report any unauthorised charges to the issuing bank."

Not surprisingly, the security industry has been quick off the mark with comment.

"Every single piece of our data that makes its way onto a criminals list or into a database, of our most precious, private data, is another attack vector for a malicious actor," said Mark James, a security specialist at ESET.

He continued: "Cancelling our credit cards is not hard- usually if we have not been completely negligent, then getting the funds refunded is also not difficult, but trying not to get scammed, or be a victim of a phishing attack is not so easy.

"Even though Whole Foods may not in themselves ring bells, when the email arrives their association with Amazon may be the big draw here.

He added that customers of both Whole Foods and Amazon should also be wary of the phishing emails that scammers will inevitably be pushing out.

"It's quite probable we will see phishing attacks using both brand names trying to get you to follow the link or download something to 'verify' your details.

"As with all cases like this, be very vigilant about keeping an eye on your finances- small transactions might just be criminals testing the card to see if it works. If you find anything out of the ordinary then contact your bank immediately."