The Hangar Bar at Whole Foods Market in Tustin opened last year. The taproom was part of a six-store hack in Orange County (Photo by Paul Rodriguez, Orange County Register/SCNG)

The grocer, which was recently acquired by Seattle-based online retailer Amazon.com Inc., says the data breach did not affect its main checkout registers or any Amazon.com shoppers. However, 6 dining venues and tap rooms in Orange County were breached including the year old taproom in Tustin.

Sound The gallery will resume in seconds

Customers hang out at the Back Bay Tavern at the Fashion Island Whole Foods Market The dining venue was part of a six-store hack in Orange County )Paul Bersebach, The Orange County Register)



Dining venues and taprooms inside 15 Whole Foods Markets in Southern California were part of a nationwide data breach of the Amazon-owned grocery chain.

Whole Foods first announced the data breach in late September. After conducting an investigation, the company revealed dozens of stores in 30 states, including California, were impacted by the breach, which stretched over seven months.

The 15 Southern California stores included six Whole Foods markets in Orange County: Tustin, Huntington Beach, Laguna Niguel, Irvine, Brea and Newport Beach. Whole Foods said the credit-card payment systems hacked were restricted to in-house restaurants and taprooms.

Grocery shoppers and Amazon customers were not impacted by the breach, which occurred between March 10 and Sept. 28, 2017. In late August, Amazon purchased the Austin-based natural foods chain for $13.7 billion.

“The software copied payment card information — which could have included payment card account number, card expiration date, internal verification code, and cardholder name — of customers who used a payment card at these venues,” Whole Foods said in a statement.

Whole Foods said it first learned of the unauthorized access to its systems Sept. 23. The company disclosed the breach to the public within a week.

The company said it has since replaced its “point of sale systems for payment card transactions and stopped the unauthorized activity. Whole Foods Market apologizes to customers for any inconvenience or concern this may have caused.”

Last Friday, the company released the dining venues and bars impacted by the breach.

Here’s a list of the stores breached in Southern California. Whole Foods said “not all cards used at all venues listed were affected.” The company said customers with questions can call 1-888-818-7100.

Whole Foods Stores Hacked in SoCal

Huntington Beach, 7881 Edinger Ave Suite 150: sandwich venue, sushi venue, taproom

Brea, 3301 E. Imperial Hwy.: the taproom

Laguna Niguel, 23932 Aliso Creek Road: The taproom

Irvine, 8525 Irvine Center Drive: the Asian venue, coffee bar, juice bar, pizza venue, taproom

Tustin (The District), 2847 Park Ave.: the taproom

Newport Beach (Fashion Island), 415 Newport Center Drive: taproom

El Segundo (Plaza El Segundo), 760 South Sepulveda Blvd.: the taproom, Kogi restaurant, sushi venue

Downtown Los Angeles, 788 S. Grand Ave.: pizza venue, sandwich venue, taproom, Chego Asian venue

Silver Lake 365, 2520 Glendale Blvd.: Fresh Eats Venue

Pasadena (Arroyo), 465 South Arroyo Parkway: taproom

Pasadena, 3751 E. Foothill Blvd.: taproom

Venice, 225 Lincoln Blvd.: wine bar.

Playa Vista, 12746 West Jefferson Blvd. Suite #1100: taproom

Palm Desert, 44-459 Town Center Way: taproom

Related: Should you Freeze Your Credit After a Breach?