If you ate or drank at Whole Foods recently, you might want to keep a close eye on your credit card transactions.
Shopping at Whole Foods might have cost customers more than just overpriced avocados.
The popular grocery chain, which Amazon bought for $13.7 billion in June, warned customers Thursday that thieves stole payment card information at several of its stores. The cyberattack hit Whole Foods' taprooms and restaurants, not stores' primary checkout lines, the company said.
These in-store taprooms and restaurants use a different payments system than the regular Whole Foods checkout. The hack didn't spread to Amazon's payment servers because they're not connected to Whole Foods' stores, the company said.
Point-of-sales attacks often target popular chains. Fast food joints like Chipotle and Wendy's have been hit in the past, with hackers stealing customer credit card information. Cybercriminals often look for easy targets to make quick cash, and restaurants have shown they're simple to hack.
Whole Foods has 449 stores in the US and more than 40 sell beer on tap. It's unclear how many restaurants Whole Foods has.
"While most Whole Foods Market stores do not have these taprooms and restaurants, Whole Foods Market encourages its customers to closely monitor their payment card statements and report any unauthorized charges to the issuing bank," the company said in a statement.
Whole Foods declined to comment on how many people are affected and which stores were hacked.
The grocery chain said it's working with a cybersecurity forensics firm and law enforcement to investigate who is behind the attack.
First published Sept. 29, 6:25 a.m. PT.
Update at 8:14 a.m. PT: With Whole Foods declining to comment.
It's Complicated: This is dating in the age of apps. Having fun yet?
Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.