Whole Foods officials said the credit and debit card information of customers who bought meals or drinks at its in-store restaurants or bars were exposed to hackers.
The grocer, which was recently acquired by Seattle-based online retailer Amazon.com Inc., says the data breach did not affect its main checkout registers or any Amazon.com shoppers.
Officials did not say which of its 470 stores were affected, and a spokeswoman declined to answer any questions. The Whole Food stores that do have in-store restaurants and bars tend to be in or near cities.
Whole Foods says it is investigating the hack.