Whole Foods Discloses Data Breach

In the latest data breach involving consumer data, Whole Foods Market said card-payment information of customers who drank and dined in its taprooms and full-service restaurants has been hacked.

The grocery-store chain, now part of Amazon.com Inc., said its restaurants and taprooms use a separate checkout system and information of its grocery shoppers weren't affected. Amazon transactions were also not accessed in the breach, Whole Foods said in a statement on its website.

The company said it has hired a cybersecurity firm to help it investigate the hack and contacted law enforcement.

"While most Whole Foods Market stores do not have these taprooms and restaurants, Whole Foods Market encourages its customers to closely monitor their payment card statements and report any unauthorized charges to the issuing bank," the company said.

A Whole Foods spokeswoman declined to comment beyond what it stated in the release.

The sit-down restaurants and wine bars are focused in the company's urban locations.

Whole Foods's announcement comes after fast-food chain Sonic Corp. said earlier this week its credit-card processor notified the company about a possible hack of customer-payment data.

Credit-reporting company Equifax Inc. is continuing to deal with the fallout from a data breach, announcing Sept. 7 that names, addresses, birthdays and Social Security numbers of potentially 143 million Americans had been accessed by hackers. Also earlier this month, Charter Communications Inc.'s Time Warner Cable acknowledged that personal records of millions of subscribers were left unprotected on a server.

All but two states have laws detailing how quickly companies must report data breaches, but the laws have been largely ineffective in getting companies to be forthcoming with information. Some U.S. lawmakers are pushing for federal regulation that would simplify the rules and require companies to report breaches within 30 days.

Write to Imani Moise at imani.moise@wsj.com

(END) Dow Jones Newswires

September 28, 2017 18:25 ET (22:25 GMT)