Natural Grocers Hacked


The Colorado-based health food chain Natural Grocers recently acknowledged that an "unauthorized intrusion" into its network may have exposed "limited customer payment card data."

"With the help of third-party data security experts, the incident was contained, and law enforcement is investigating the matter," the company said in a statement.

While no names, addresses, Social Security numbers, PIN numbers or CVV codes were accessed, Natural Grocers says an unspecified number of customer payment card numbers may have been compromised.

Natural Grocers is working with its payment processor and with the major credit card brands to monitor the affected cards for suspicious activity.

"Natural Grocers is committed to protecting its customers’ information and data security," the company stated. "The company has accelerated the upgrade of the point-of-sale system in all of its store locations to include new pin pads and a PCI-compliant system that provides point-to-point encryption and 'chip and PIN' card technology."

The new system is currently being installed at all of Natural Grocers' 93 locations in 15 states.

Financial industry sources told investigative reporter Brian Krebs that a pattern of fraud on credit and debit cards had been linked to Natural Grocers as a common point of purchase.

A source with inside knowledge of the breach told Krebs that the attackers leveraged weaknesses in Natural Grocers' database servers to break into the company's network just before Christmas 2014 and place malware on its point-of-sale systems.

That timeline is similar to the recently disclosed breach at the Mandarin Oriental Hotels Group, which also dates back to just before Christmas 2014.

In response to massive point-of-sale breaches at Target and Home Depot, a recent eSecurity Planet article examined the steps retailers can take to improve their point-of-sale security.