The credit card data breach recorded at some Whole Foods locations has been resolved, according to a statement from the company. The breach, announced Sep. 28, was restricted to certain venues within stores; main grocery checkouts were not affected.
The affected venues included tap rooms and full-service restaurants located within some Whole Foods locations. According to the company, those venues use point-of-sale (POS) hardware that differs from the in-store systems.
Out of 449 Whole Foods locations in the U.S., 40 sell beer on tap, CNET reported in September. The report did not specify how many Whole Foods locations offer dine-in restaurants.
Whole Foods did not comment on the number of cardholders attacked or divulge which stores were affected when the cyberattack was first reported, according to CNET. On Oct. 20, Fox Business reported that about 100 tap rooms and restaurants in 30 states were affected over the span of a six-month period.
Whole Foods conducted an internal investigation of the breach and replaced the points of sale that were discovered to be compromised. The company worked with a cyberforensics firm during the investigation.
The grocery chain, which Amazon acquired in August, assured consumers that the breach was restricted to certain store venues and had nothing to do with the online retailer. “The Amazon.com systems do not connect to these systems at Whole Foods Market,” the company stated. “Transactions on Amazon.com have not been impacted.”
“Whole Foods Market apologizes to customers for any inconvenience or concern this may have caused,” said the company. “Whole Foods Market has been working closely with the payment card companies. Payment card network rules generally state that cardholders are not responsible for fraudulent charges that are reported in a timely manner. Customers should promptly report any unauthorized charges to the bank that issued their card.”