Whole Foods Market venues in New York and New Jersey are among locations hit by a nationwide data breach, the company says.
The breach affects customers who bought meals or drinks at in-store restaurants or bars, including taprooms.
The company said the venues use a different point of sale system than the main checkout registers and that payment cards used at the latter were not affected. Amazon.com shoppers also weren't impacted by the hack.
Whole Foods said it’s working with a cybersecurity forensics firm and authorities as it investigates the breach.
The company said customers should closely monitor their payment card statements and report any unauthorized charges to their banks.
Affected locations in New York:
• Bryant Park (1095 Sixth Ave.): Burger Venue, Harbor Bar, Kiosk Venue, Pizza Venue, Gengi Asian Venue
• Tribeca (270 Greenwich St.): Burger Venue
• Gowanus (214 3rd St.): The Roof Bar
• Williamsburg (238 Bedford Ave.): Tap Room
Affected locations in New Jersey:
• Clark (1255 Raritan Rd.): BBQ Venue, Clark Bar
• Metuchen (645 Middlesex Ave.): Mexican Venue
• Milburn-Union (2245 Springfield Ave.): BBQ Venue