Whole Foods Data Breach and the Future of Customer Information

Print Email

Whole Foods, the Amazon.com Inc. (NASDAQ: AMZN) grocery store division, is the latest in a long line of companies to report a hack that has exposed customer information. At some point, companies will be blocked from collecting large amounts of information about customers, or at the very least, limited to how long they can store it.

At stake is the use of customer data for marketing, customer retention and customer convenience. Many companies collect data about people with whom they have done business to announce sales or incentives to become repeat customers. Other companies store data so people can easily shop online without giving the same credit card data, address, email address and name over and over again.

Whole Foods announced:

Whole Foods Market recently received information regarding unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores. These venues use a different point of sale system than the company’s primary store checkout systems, and payment cards used at the primary store checkout systems were not affected. When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cyber security forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue.

The company’s investigation is ongoing and it will provide additional updates as it learns more. While most Whole Foods Market stores do not have these taprooms and restaurants, Whole Foods Market encourages its customers to closely monitor their payment card statements and report any unauthorized charges to the issuing bank.

Once again, the customers are asked to take hold of the problem and self-monitor whether the breach has affected their accounts or allowed hackers to use the information.

There are probably systems that will wipe databases clean of all customer information held by companies within some short time after transactions. Such systems would create a nightmare for companies that use the data. Customers would have the added burden of repeatedly giving substantial amounts of information such as credit card numbers, names and addresses. The payment systems for these transactions might be reset to what they were decades ago.

The reset may be the only way to lower the effects of hacks, which means it is possible a radical change in the relationship between vendor and customer could happen.