Important Notice About Customer Data Security
Date of Notice: Thursday, October 9, 2025
This notice was emailed to all of our email subscribers–non-members & Members.
Dates of Incident on Register 2 at our East Store: Friday, September 26th at 6:39 p.m. – Saturday, September 27th at 3:40 p.m.
At this time, there is no evidence of a confirmed breach of customer data.
Please scroll to the End of this page for FAQs.
As we continue to work with local law enforcement, the Bloomington Police Department, any new information will be added or linked to this page.
Dear Bloomingfoods Shoppers,
At Bloomingfoods, transparency and community trust are foundational to everything we do. We’re reaching out today to share important information regarding an incident involving one of our payment terminals.
On Saturday, September 27, 2025, at 3:40 p.m., a Bloomingfoods staff member discovered a credit card skimming device attached to Register 2 payment terminal at our East Store, which was immediately removed, and local authorities were notified. Review of security footage showed that the device had been placed on the terminal the previous day, Friday, September 26, at 6:39 p.m., by two people while checking out at Register 2. A skimmer is a device illegally attached to a payment terminal to capture card information for fraudulent purposes.
Clear video footage of the individuals responsible has been provided to the Bloomington Police Department, which is leading the investigation. At this time, there is no evidence of a confirmed breach of customer data.
Proactive Security Measures We are Taking:
We are committed to ensuring the safety of our customers’ payment information. In addition to existing security protocols, we are implementing the following measures:
Uniquely Marked Terminals: Each payment terminal is now clearly marked to make tampering easy to detect.
Increased Terminal Checks: Staff will conduct additional inspections throughout the day.
Enhanced Staff Training: Our team is receiving additional training to quickly identify and respond to potential tampering.
Helpful resources:
As we continue to work with local law enforcement, we will update our website with any new information from the police: https://bloomingfoods.coop/data-security-2.
We’re proud of our team for quickly identifying and removing the skimmer. Protecting the information of everyone who shops at the Co-op is our top priority, and to ensure we keep our customers’ data safe, we will continue to enhance our security measures as criminals continue to change their tactics.
With care,
Bloomingfoods Team
Frequently Asked Questions
-
A: No, this email was sent to all of our email subscribers and Owner-Members for whom we have an email address on file.
-
A: Please see the photo provided in the section above.
-
A: At the top of your receipt, registers are identified by "Your cashier is: Floater X" and "Your cashier is: Floater 2"
-
A: If you are an Owner-Member and gave the cashier your Owner-Member number, we can look up your receipt in our database system.
-
A: Both debit and credit cards can be affected.
-
A: Yes, EBT and gift cards with a magnetic stripe can be affected by skimming devices.
-
A: A skimmer can only capture inserted or swiped cards.
-
A: Apple Pay is contactless, so it is nearly impossible for your data to be stolen. Contactless creates a temporary one-time authorization, and some Contactless Payments use fake numbers as well.
-
A: We were assessing the situation in collaboration with local law enforcement and our merchant bank/credit card processing service to ensure we have accurate information to share with all of our shoppers.
-
A: Yes, the unknown individuals were caught on security footage attaching the skimming device while checking out at Register 2. Due to the ongoing investigation with the police, we cannot disclose any further information. We can tell you that the two individuals are not Bloomingfoods employees or known members of our Co-op community, nor are they the same individuals who attached the skimmer to Register 3 in June.
-
A: In order to collect your data your card would have needed to be used during the time the skimmer was attached to the store reader. Our credit card processing devices do not retain any information.
-
A: Yes, card skimming devices are a common method of fraud, with incidents increasing in recent years, according to news sources. Criminals install these devices on ATMs, gas pumps, and point-of-sale terminals to steal card information, including magnetic stripe data, which they can then use to make fraudulent purchases or create fake cards.