The company did not immediately say how many customers or stores might be affected, but said payment information was not hacked at its primary checkout counters because they use a different operating system.
“When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cyber security forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue,” the company said in a written statement.
Whole Foods, which was recently purchased by online retailer Amazon, also said that Amazon’s system was not affected.
Most of Whole Foods’ more than 460 stores do not have in-store bars and restaurants. The ones that do are usually in or near larger cities.
It’s unclear when the hack happened and when exactly Whole Foods learned of it. Whole Foods did not respond to a message left, seeking additional comment.
The company said it would continue to investigate the matter and provide updates when it has more information.