Whole Foods says it has resolved a data breach that it reported last month, in which the company detected unauthorized access to credit card information in some point-of-sale systems.
The grocery chain released a statement Friday that it investigated the incident with law enforcement and “a leading cyber security forensics firm.” The company said it has stopped the unauthorized access and replaced the compromised point-of-sale systems.
Whole Foods detected unauthorized software on its payment systems that serve taprooms and restaurants at some of its stores, the statement said.
The company says those payment systems are separate from its main grocery store point-of-sale systems.
“The software copied payment card information—which could have included payment card account number, card expiration date, internal verification code, and cardholder name—of customers who used a payment card at these venues,” the company said.
Whole Foods has not said how many customers may have been impacted, but did say that the impact falls on some sales between March 10 and Sept. 28, 2017.
In saying that it has “resolved” the issue, the company seems to be referring to the unauthorized activity on its own systems only. It is still recommending that customer check for unauthorized use of their credit cards.
You can check to see if a Whole Foods location you’ve visited was affected on the company’s website.