Whole Foods Market Payment Card Investigation Update - California Residents

Notice of Data Breach

AUSTIN, Texas (October 20, 2017) – Whole Foods Market has resolved the incident previously announced on September 28, 2017, involving unauthorized access of payment card information used at certain venues such as tap rooms and full table-service restaurants located within some stores. Whole Foods Market apologizes to customers for any inconvenience or concern this may have caused.

What Happened

Whole Foods Market learned on September 23, 2017 of unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores. These venues use a different point of sale system than the company’s primary store checkout systems, and payment cards used at the primary store checkout systems were not affected.

What Information Was Involved

The investigation determined that unauthorized software was present on the point of sale system at certain venues. The software copied payment card information—which could have included payment card account number, card expiration date, internal verification code, and cardholder name—of customers who used a payment card at these venues at dates that vary by venue but are no earlier than March 10, 2017 and no later than September 28, 2017. The Amazon.com systems do not connect to these systems at Whole Foods Market. Transactions on Amazon.com have not been impacted.

What You Can Do

Whole Foods Market has been working closely with the payment card companies. Payment card network rules generally state that cardholders are not responsible for fraudulent charges that are reported in a timely manner. Customers should promptly report any unauthorized charges to the bank that issued their card. The phone number to call is usually on the back of the payment card. Please see the section that follows this notice for additional steps you may take to protect yourself. The drop-down form included at www.wholefoodsmarket.com/customernotification contains a list of the venues involved, although not all cards used at all venues listed were affected.

What We Are Doing

When Whole Foods Market learned of potential unauthorized access, it conducted an investigation, obtained the help of a leading cyber security forensics firm, and contacted law enforcement. Whole Foods Market replaced these point of sale systems for payment card transactions and stopped the unauthorized activity.

For More Information

If you have any questions, please call 1-888-818-7100 from 8:00 a.m. to 5:00 p.m. C.T., seven days a week.

More Information on Ways to Protect Yourself

We remind you to remain vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows:

Experian, PO Box 2002, Allen, TX 75013, www.experian.com,1-888-397-3742

TransUnion, PO Box 2000, Chester, PA 19016, www.transunion.com, 1-800-916-8800

Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111

If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows:

Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft