In reply to News inquiry on Thursday, Whole Foods refused to say how many of its stores may have been affected or where they were located. The organization did not respond Friday when asked how long it was informed of the breach before alerting the public.
In its only announcement so far, Whole Foods said it was informed of a potential breach after it “received data regarding unauthorized access of payment card information.” That grammar appears to imply that Whole Foods did not detect the Hack itself, but was notified by a third party instead.
Rep. Diana DeGette of Colorado, a constant and vocal proponent of post-breach customer protection, told News on Friday that Whole Foods must promote its disclosure process if it means to help consumers protect themselves from possible fraud. Timeliness with regard to breach exposure is key in determining whether a corporation is reacting appropriately Equifax was thoroughly criticized, for instance, for being too slow to notify consumers.
“Whole Foods needs to tell the complete truth about this incident, and soon,” said DeGette, the ranking Democrat on the House subcommittee on overlooking and investigations. “Customers need to know whether and how they were touched, when, and in what way. How many people, and in which areas of the country, are at risk? How long ago did Whole Foods hear of it, and what steps have been taken to lessen the damage?”
Whole Foods has been fast to disclose information about systems it says were clearly not compromised; for instance, it said the obvious breach did not impact Amazon, which acquired the supermarket chain last month.
What’s more, Whole Foods claims only consumers of bars and table-service restaurants located inside its stores could be moved. And while the company noted that not every store has a tap room or in-store restaurant, there are a notable number of them spread across the country: As of November, 180 of Whole Foods’ 464 stores had bars or taprooms, according to News.
Take your time to comment on this article.