UPDATED 22:58 EDT / SEPTEMBER 28 2017

INFRA

Whole Foods point-of-sale terminals hacked, credit card data stolen

Just over a month since being acquired by Amazon.com Inc., Whole Foods Market disclosed Thursday that some of its point-of-sale terminals had been hacked, resulting in the theft of customer data, including credit details.

How many Whole Foods outlets were affected by the hack was not made clear, but the company said the compromise of its systems only affected its taprooms, areas in which it sells alcoholic beverages on tap, and its restaurants. Both are said to run on different systems to Whole Food’s retail grocery POS terminals, which were not affected by the hack, and none of the systems are in any way connected to Amazon.com systems.

“Whole Foods Market recently received information regarding unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores,” the company said in a statement. “When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cybersecurity forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue.

Whole Foods is far from the first company to be targeted by POS hacking. Chipotle Mexican Grill Inc.The Wendy’s Company and more recently Sonic Corp. also suffered from POS attacks.

In the case of Sonic, and applicable to the Whole Foods hack, Steve Moore, vice president and chief security strategist at Exabeam Inc., told SiliconANGLE that although how the criminal gained access to the POS network is unknown, these sorts of attacks usually have a pattern.

“A proven method from the earlier Wendy’s breach was the use of stolen remote access credentials from a service provider being used to deploy malware on store payment systems,” Moore said. “As long as there’s monetary gain on the table and the methods to detect and disrupt don’t improve the adversary will persist and succeed.”

Defending companies need to know what the normal state of the systems looks like so there can be an early indication of compromise when uncommon behaviors occur, such as system access, beaconing or file uploads, he added. “In both cases, credit and debit card information was collected and removed undetected.”

The news that Whole Foods had been hacked did not affect Amazon’s share price.

Photo: ChadPerez49/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU