INFRA
INFRA
INFRA
Whole Foods point-of-sale terminals hacked, credit card data stolen
Just over a month since being acquired by Amazon.com Inc., Whole Foods Market disclosed Thursday that some of its point-of-sale terminals had been hacked, resulting in the theft of customer data, including credit details.
How many Whole Foods outlets were affected by the hack was not made clear, but the company said the compromise of its systems only affected its taprooms, areas in which it sells alcoholic beverages on tap, and its restaurants. Both are said to run on different systems to Whole Food’s retail grocery POS terminals, which were not affected by the hack, and none of the systems are in any way connected to Amazon.com systems.
“Whole Foods Market recently received information regarding unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores,” the company said in a statement. “When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cybersecurity forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue.
Whole Foods is far from the first company to be targeted by POS hacking. Chipotle Mexican Grill Inc., The Wendy’s Company and more recently Sonic Corp. also suffered from POS attacks.
In the case of Sonic, and applicable to the Whole Foods hack, Steve Moore, vice president and chief security strategist at Exabeam Inc., told SiliconANGLE that although how the criminal gained access to the POS network is unknown, these sorts of attacks usually have a pattern.
“A proven method from the earlier Wendy’s breach was the use of stolen remote access credentials from a service provider being used to deploy malware on store payment systems,” Moore said. “As long as there’s monetary gain on the table and the methods to detect and disrupt don’t improve the adversary will persist and succeed.”
Defending companies need to know what the normal state of the systems looks like so there can be an early indication of compromise when uncommon behaviors occur, such as system access, beaconing or file uploads, he added. “In both cases, credit and debit card information was collected and removed undetected.”
The news that Whole Foods had been hacked did not affect Amazon’s share price.
Photo: ChadPerez49/Wikimedia Commons
Since you’re here …
… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.
