Natural Grocers announced the investigation of a possible data breach involving customer payment cards.
Although the company claims it has not received any reports of fraudulent activity, the natural and organic grocer is looking into a breach involving unauthorized intrusions targeting limited customer payment data, reported Computer Weekly.
Sources in the financial industry have traced a pattern of fraud by hackers taking advantage of vulnerable POS systems at locations across the country. Natural Grocers has 93 stores in 15 states and, as of recently, offers one-hour grocery delivery to those in the Portland, Oregon, area.
The attackers are said to have breached Natural Grocers in late December of last year.
According to Brian Krebs in his KrebsOnSecurity blog, the retailer has hired a third-party forensics firm to assist in the investigation of the possible breach. Still, the company claims that it "has received no reports of any fraudulent use of payment cards from any customer, credit card brand or financial institution," in response to questions by Krebs.
Yet banking sources told Krebs that cards stolen from the retailer are on sale in the cybercrime underground.
Natural Grocers said that while the investigation is ongoing, it has accelerated plans to upgrade its POS system to meet PCI compliance, which is based on the Europay, MasterCard and Visa (EMV) system being rolled out across the United States in efforts to reduce fraud.
Natural Grocers is not the first retailer to announce a possible data breach in 2015. Back in January, Chick-fil-A reported a possible cybercrime involving customer payment cards. And 2014 saw its fair share of hacked retailers, including Staples (NYSE:SPLS), Kmart (NYSE:SHLD), Supervalu (NYSE:SVU) and Home Depot (NYSE:HD).
-See this Computer Weekly article
-See this KrebsonSecurity blog
Natural Grocers launches one-hour delivery service
Petco partners with Instacart for one-hour delivery
Instacart partners with Costco, Kroger to debut Seattle delivery
BJ's Wholesale adds same-day delivery with Instacart
90% of 2014 data breaches were preventable