Phoenix-based Sprouts Farmers Market discovered that illegal software targeted point-of-sale systems at 19 of its 151 stores over a five-day period, including two stores in San Diego County.
Between Jan. 25 and 29, the credit card terminals were reportedly breached at the Sprouts at 152 N. Second St. in El Cajon, and at 149 South Las Posas Road in San Marcos.
As a result of the breach, certain credit card and debit card (but not PIN) numbers used at those locations may have been acquired by unauthorized third parties.
The natural foods chain said while it is unable to confirm whether any of the attacks were successful, “Sprouts believes fewer than 2 percent of its card transactions were potentially compromised.”
Within hours of discovering the intrusion Sprouts said it prevented the illegal software from functioning, quickly replaced all the card terminals in question and has worked with a data security firm to strengthen its point-of-sale procedures in all 151 stores.
Sprouts also has notified federal law enforcement authorities, and has been supporting a federal government investigation into the matter.