Amazon’s new acquisition, Whole Foods Market, disclosed on Thursday that its has suffered a point-of-sale data breach that compromised the payment card information of customers who used its taprooms and full table-service restaurants.
The actual grocery store checkout systems were not impacted, however, as they run on a separate POS system than those affected. Likewise, Amazon.com’s systems were not in any way impacted. In August, Amazon purchased the food retailer in a $13.7 billion deal.
Michael Daly, CTO of Raytheon’s cybersecurity business, said that having separate POS systems for Whole Food’s grocery checkout and food-service venues prevented a much bigger headache. “In a contested environment like this, segmenting the networks, like WholeFoods did with its unique restaurant and taproom environment, saves other parts of the business from also being breached,” Daly said in e-mailed comments. “Whether the segmented approach was happenstance or not, there is a lesson to be taken from today’s breach.”
In a company news statement, Whole Foods said it has “launched an investigation, obtained the help of a leading cyber security forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue.”