EXPENSIVE AND FANCY GROCERS Whole Foods has confessed to some sort of point of sale credit card breach that has not affected all of its tills, but some of them.
The firm is now an Amazon property, for some 10.7 billion reasons, but it explained that this has nothing to do with Amazon.com accounts, but more to do with people who have gone into one of its canteens and had eco beans on artisan gluten-free toast. The firm was told about its breach by an outsider, which can never be a good thing.
The firm was told about its breach by an outsider, which can never be a good thing.
"Whole Foods Market recently received information regarding unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores. These venues use a different point of sale system than the company's primary store checkout systems, and payment cards used at the primary store checkout systems were not affected," it said.
"When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cyber security forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue."
Taprooms are news to us, because we don't really move in these kind of circles, but it turns out it is a pub by another name, or anywhere that you can buy beer on tap.
This means that anyone who has had a tipple or some grub served to them during shopping should probably keep an eye on their financial accounts for anything unusual. Whole Foods will likely let you know if you are in the threat arena but it might be wise to burn your current payment card and get hold of a new one.
"The company's investigation is ongoing and it will provide additional updates as it learns more. While most Whole Foods Market stores do not have these taprooms and restaurants," added the firm.
"Whole Foods Market encourages its customers to closely monitor their payment card statements and report any unauthorized charges to the issuing bank."
Hoi hoi, this looks like something that the security industry would have an opinion, and lo it does.
"Every single piece of our data that makes its way onto a criminals list or into a database, of our most precious, private data, is another attack vector for a malicious actor. Cancelling our credit cards is not hard- usually if we have not been completely negligent ,then getting the funds refunded is also not difficult- but trying not to get scammed, or be a victim of a phishing attack is not so easy!," said straight talker Mark James, one of the security bods at ESET.
"Even though Whole Foods (WF) may not in themselves ring bells, when the email arrives their association with Amazon may be the big draw here. It's quite probable we will see phishing attacks using both brand names trying to get you to follow the link or download something to "verify" your details. As with all cases like this, be very vigilant about keeping an eye on your finances- small transactions might just be criminals testing the card to see if it works. If you find anything out of the ordinary then contact your bank immediately." µ
The week in Google
The scandal that just keeps giving
Clip to the end....