Important Notice About Your Data Security
Date of Notice: Thursday, July 24, 2025
Dates of Data Security Incident on Register 3 at our East Store: Saturday, June 28th–Saturday, July 12th.
Please scroll to the bottom of this page for FAQS.
Any new information will be added or linked to this page.
Dear Bloomingfoods Shoppers,
At Bloomingfoods, transparency and community trust are foundational to everything we do. We’re reaching out today to share important information regarding an incident involving one of our payment terminals.
On Saturday, July 12th, 2025, we discovered a credit card skimming device attached to Register 3 at our East Store. A credit card skimmer is a device illegally placed over or inside a payment terminal to capture data from the credit or debit cards. These devices are often difficult to detect and are typically used to steal card information for fraudulent transactions. The device was removed immediately, and we began a full investigation with the help of local authorities.
After reviewing camera footage, we found that the skimmer was placed on the Register 3 payment terminal on Saturday, June 28th, 2025 (this is the correct date that was included in the second email notification: 🚨Date Correction & FAQs RE: Important Notice About Your Data Security). While there’s no confirmed breach of customer data, given the timeline of events, you should assume your data has been compromised.
Your safety and trust mean everything to us.
Here’s what we’re doing at both of our stores to ensure your information stays safe:
Increased Terminal Inspections:
All payment terminals are now being inspected multiple times daily by trained management staff to detect and prevent tampering.
Upgraded Hardware Security:
We are accelerating the rollout of new terminals to enhance protection across all stores.
Enhanced Surveillance & Monitoring:
Physical security protocols have been increased in all checkout areas.
Staff Training:
Our frontline and management teams are receiving updated training to help them identify signs of tampering or fraudulent behavior.
PCI Compliance Review:
We are conducting a full review of our systems and procedures to ensure we continue to meet or exceed Payment Card Industry (PCI) security standards.
Data Privacy Compliance:
We are following all appropriate reporting procedures under relevant state and federal data protection laws.
What you can do:
Monitor Your Accounts:
Review your recent bank and credit card activity for any unfamiliar charges. If you see anything suspicious, notify your card issuer right away.Let us know if you have any questions:
Please contact us at support.team@bloomingfoods.coop. We’re always here for you.
Helpful resources:
We’re truly sorry this happened and are doing everything we can to prevent it from happening again. Thank you for your continued support of the co-op.
With care,
Bloomingfoods Team
Frequently Asked Questions
-
A: No, this email was sent to all of our email subscribers and Owner-Members for whom we have an email address on file.
-
A: We have four registers at our East Store, and Register 3 is the closest to the exit door and one register away from the bathrooms.
-
A: At the top of your receipt, registers are identified by "Your cashier is: Floater X" and "Your cashier is: Floater 3" would be the transactions that could have been affected.
-
A: If you are an Owner-Member and gave the cashier your Owner-Member number, we can look up your receipt in our database system and let you know if you could have been affected.
-
A: Both debit and credit cards can be affected.
-
A: EBT and gift cards with a magnetic stripe can be affected by skimming devices.
-
A: The skimmer can only capture inserted cards.
-
A: Apple Pay is contactless, so it is nearly impossible for your data to be stolen. Contactless creates a temporary one-time authorization, and some Contactless Payments use fake numbers as well.
-
A: Unfortunately, we cannot.
-
A: We were assessing the situation in collaboration with local law enforcement and our merchant bank/credit card processing service to ensure we have accurate information to share with all of our shoppers.
-
A: Yes, the unknown individuals were caught on security footage attaching the skimming device while checking out at Register 3. Due to the ongoing investigation with the police, we cannot disclose any further information. We can tell you that the three individuals are not Bloomingfoods employees.
-
A: In order to collect your data your card would have needed to be used during the time the skimmer was attached to the store reader. Our credit card processing devices do not retain any information.