Uh Oh. They just announced. Generally it's the tip of the iceberg, and then over time more details are released that show it was muuuch worse than initially expected. Looks like Amazon may have bought an organic lemon.
"Whole Foods Market recently received information regarding unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores. These venues use a different point of sale system than the company’s primary store checkout systems, and payment cards used at the primary store checkout systems were not affected.
"When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cyber security forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue.
"The company’s investigation is ongoing and it will provide additional updates as it learns more. While most Whole Foods Market stores do not have these taprooms and restaurants, Whole Foods Market encourages its customers to closely monitor their payment card statements and report any unauthorized charges to the issuing bank. "
All but two states have laws detailing how quickly companies must report data breaches, but the laws have been largely ineffective in getting companies to be forthcoming with information. Some U.S. lawmakers are pushing for federal regulation that would simplify the rules and require companies to report breaches within 30 days.
One silver lining: The Amazon.com systems do not connect to these systems at Whole Foods Market. Transactions on Amazon.com have not been impacted.
Watch those credit card statements and keep a sharp eye out for phishing attacks with this theme.