Important Notice About Your Data Security
Date of Notice: Thursday, July 24, 2025
This notice was emailed to all of our email subscribers–non-members & Members.
Dates of Data Security Incident on Register 3 at our East Store: Saturday, June 28th–Saturday, July 12th.
While there’s no confirmed breach of customer data, given the timeline of events, if you made a purchase on Register 3 at Bloomingfoods East from June 28th through July 12th by inserting a debit or credit card, EBT card, and/or gift card with a magnetic stripe into the payment terminal, you should assume your data has been compromised.
Please scroll to the Middle of this page for FAQS & Updates.
As we continue to work with local law enforcement, the Bloomington Police Department, any new information will be added or linked to this page.
Dear Bloomingfoods Shoppers,
At Bloomingfoods, transparency and community trust are foundational to everything we do. We’re reaching out today to share important information regarding an incident involving one of our payment terminals.
On Saturday, July 12th, 2025, we discovered a credit card skimming device attached to Register 3 at our East Store. A credit card skimmer is a device illegally placed over or inside a payment terminal to capture data from the credit or debit cards. These devices are often difficult to detect and are typically used to steal card information for fraudulent transactions. The device was removed immediately, and we began a full investigation with the help of local authorities.
After reviewing camera footage, we found that the skimmer was placed on the Register 3 payment terminal on Saturday, June 28th, 2025 (this is the correct date that was included in the second email notification: 🚨Date Correction & FAQs RE: Important Notice About Your Data Security). While there’s no confirmed breach of customer data, given the timeline of events, you should assume your data has been compromised.
Your safety and trust mean everything to us.
Here’s what we’re doing at both of our stores to ensure your information stays safe:
Increased Terminal Inspections:
All payment terminals are now being inspected multiple times daily by trained management staff to detect and prevent tampering.
Upgraded Hardware Security:
We are accelerating the rollout of new terminals to enhance protection across all stores.
Enhanced Surveillance & Monitoring:
Physical security protocols have been increased in all checkout areas.
Staff Training:
Our frontline and management teams are receiving updated training to help them identify signs of tampering or fraudulent behavior.
PCI Compliance Review:
We are conducting a full review of our systems and procedures to ensure we continue to meet or exceed Payment Card Industry (PCI) security standards.
Data Privacy Compliance:
We are following all appropriate reporting procedures under relevant state and federal data protection laws.
What you can do:
Monitor Your Accounts:
Review your recent bank and credit card activity for any unfamiliar charges. If you see anything suspicious, notify your card issuer right away.Let us know if you have any questions:
Please contact us at support.team@bloomingfoods.coop. We’re always here for you.
Helpful resources:
We’re truly sorry this happened and are doing everything we can to prevent it from happening again. Thank you for your continued support of the co-op.
With care,
Bloomingfoods Team
Frequently Asked Questions
-
A: No, this email was sent to all of our email subscribers and Owner-Members for whom we have an email address on file.
-
A: We have four registers at our East Store, and Register 3 is the closest to the exit door and one register away from the bathrooms.
-
A: At the top of your receipt, registers are identified by "Your cashier is: Floater X" and "Your cashier is: Floater 3" would be the transactions that could have been affected.
-
A: If you are an Owner-Member and gave the cashier your Owner-Member number, we can look up your receipt in our database system and let you know if you could have been affected.
-
A: Both debit and credit cards can be affected.
-
A: EBT and gift cards with a magnetic stripe can be affected by skimming devices.
-
A: The skimmer can only capture inserted cards.
-
A: Apple Pay is contactless, so it is nearly impossible for your data to be stolen. Contactless creates a temporary one-time authorization, and some Contactless Payments use fake numbers as well.
-
A: Unfortunately, we cannot.
-
A: We were assessing the situation in collaboration with local law enforcement and our merchant bank/credit card processing service to ensure we have accurate information to share with all of our shoppers.
-
A: Yes, the unknown individuals were caught on security footage attaching the skimming device while checking out at Register 3. Due to the ongoing investigation with the police, we cannot disclose any further information. We can tell you that the three individuals are not Bloomingfoods employees or known members of our Co-op community.
-
A: In order to collect your data your card would have needed to be used during the time the skimmer was attached to the store reader. Our credit card processing devices do not retain any information.
-
A: Yes, card skimming devices are a common method of fraud, with incidents increasing in recent years, according to news sources. Criminals install these devices on ATMs, gas pumps, and point-of-sale terminals to steal card information, including magnetic stripe data, which they can then use to make fraudulent purchases or create fake cards.
-
Unfortunately, if your card information was breached at our East Store, we would not know the fake account names or what the criminals would have done with your information.
Tuesday, August 5th, Update
This Update was emailed to all of our email subscribers–non-members & Members.
Dear Bloomingfoods Shoppers,
We would like to start by thanking you for your patience, understanding, and continued support of the co-op. Without the support of shoppers and Owner-Members like you, dedicated employees, local vendors, community partners, and the Bloomington community as a whole, we would not be able to continue to serve the community the way we have over the past 49 years.
Secondly, we would like to share an update with you on what we’re doing at both of our stores to ensure your data stays safe:
Increased Terminal Inspections:
Permanent Standard Operating Procedure: All payment terminals are now being inspected multiple times a day by trained management staff to detect and prevent tampering.Upgraded Hardware Security:
By August 8th, all new payment terminals will be installed to enhance protection across both stores.Enhanced Surveillance & Monitoring:
In addition to the increased regular checks at each register, we have revised which registers are manned to ensure better oversight of the registers, as well as additional security checks if a register is left unattended.Staff Training:
By August 8th, our frontline and management teams will have completed updated training to help them identify signs of tampering or fraudulent behavior. We will be working on an ongoing training program to ensure that our teams have continual updated training on security measures and the prevention of skimmers.PCI Compliance Review:
By August 8th, we will have completed a full review of our systems and procedures to ensure we continue to meet or exceed Payment Card Industry (PCI) security standards.Data Privacy Compliance:
We are following all appropriate reporting procedures under relevant state and federal data protection laws by reporting to the Bloomington Police Department, USDA, and our merchant bank.Bloomington Police Department Update:
The Bloomington Police Department has sent the skimming device to a Secret Service lab in Chicago for further investigation. We will continue to update our website with any new information and FAQs as they arise.
Please let us know if you have any questions. Thank you again for your continued support of the co-op!
With care & cooperation,
Bloomingfoods Team