Whole Foods has suffered a data breach of credit card information, when hackers gained access to data through a point-of-sale vendor that operates in their locations with restaurants/taprooms, the company said Thursday.
Credit cards used at those systems were not affected, and the company said it was taking “appropriate measures” to address the security issue. Amazon, who acquired Whole Foods last month, shares were little changed in after hours trading.
Amazon’s systems do not connect to those at Whole Foods, and Amazon purchases are not affected, Whole Foods added.
>See also: Italy’s largest bank hacked cyber incident
Fred Kneip, CEO, CyberGRX, commented: “Hackers are constantly looking for the path of least resistance to sensitive data. As digital ecosystems expand, that path frequently goes through a third-party vendor, supplier or contractor – in this case, a point-of-sale vendor. If a chain is only as strong as its weakest link, large enterprises have thousands of links that can be exploited. Organisations need to develop a real-time understanding of which third parties in their network pose the biggest threat to the data they are entrusted to protect so that they can proactively work to resolve third-party cyber risk issues before they turn into problems that impact their reputation and bottom line.”