Whole Foods Claims Data Breach Limited to Restaurants, Taprooms

Today’s topics include a Whole Foods payment card data breach; the release of Kubernetes 1.8 featuring improved security and scalability; reports showing government demand for Google user data is at an all-time high; and Microsoft’s release of upgraded Azure Monitor toolkit.

Whole Foods Market announced on Sept. 28 a data breach involving unauthorized access to payment card information for table-service restaurants and taprooms within a limited number of Whole Foods stores.

Although the breach does not impact the checkout system used by in-store shoppers, Whole Foods Market is encouraging "its customers to closely monitor their payment card statements and report any unauthorized charges to the issuing bank." No details have emerged about the timing of the unauthorized access or the number of impacted consumers.

Marcus Carey, CEO and founder of security firm Threatcare, told eWEEK that the "announcement comes out only a month after [Amazon’s acquisition of Whole Foods]. If this breach were public before the acquisition, it would have affected the share price of Whole Foods and would have complicated the deal," Carey claimed.

Version 1.8 of the open-source Kubernetes container orchestration and management platform was released Sept. 28, providing features that improve both scalability and security.

A key addition to Kubernetes 1.8 is role-based access control, which is now considered a stable technology. RBAC had been a beta technology since the Kubernetes 1.6 release in March. It links users and entity roles with the required level of access to a given component by determining API access of users, groups and service accounts.

"All major new features in Kubernetes proceed through three stages—Alpha, Beta [and] Stable—across select releases," Joe Brockmeier, Linux container strategist at Red Hat, told eWEEK. "Stable is the final stage, when a feature is considered ready for general production use." Also part of the RBAC implementation is an integration with escalation prevention capabilities to further reduce security risks.

According to Google’s latest Transparency Report released last week, between January and June, the U.S. government put in 16,823 requests with Google for user data belonging to 33,709 accounts—the most data the government has requested in any six-month period since the company started publishing its Transparency Report in 2010. Google produced at least some of the requested data 81 percent of the time.

The requests pertain to data belonging to users under criminal investigation or suspected of being a threat to national security interests.

In the U.S., many such requests are made under the Foreign Intelligence Surveillance Act. In all, governments worldwide made a total of 48,941 requests for data associated with 83,345 Google user accounts, making the U.S. government the highest requester, followed by Germany and then France.

Microsoft unveiled new cloud monitoring and analytics features in the Azure Monitor toolkit during its Ignite conference last week that help users decipher events in their logs and solve technical issues faster.

"You can now get at-a-glance reporting on the health and performance of all your cloud resources, from virtual machines to applications to individual lines of codes in the applications," according to Shiva Sivakumar, director of Program Management at Microsoft Azure Monitoring and Diagnostics. "Customers will be able to see notable issues across applications and infrastructure in a single place and navigate to them in context."

Also new is a real-time alerting feature that surfaces notifications from several services. The revamped "metrics exploration experience" allows users to overlay multiple metrics on a chart, and an IT service management action enables automation of creating work items in ITSM toolsets.