Hy-Vee is the latest company reporting a data breach.
Just this week, customers impacted by the security incident received a letter detailing the incident and how they could protect their payment card information.
“After detecting unauthorized activity on some of our payment processing systems on July 29, 2019, we immediately began an investigation and leading cybersecurity firms were engaged to assist. We also notified federal law enforcement and the payment card networks,” states the letter.
It goes on to say their investigation “identified the operation of malware designed to access payment card data from cards used on point-of-sale (“POS”) devices at certain Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants.”
Transactions at the checkout lanes, pharmacies, customer service counters, floral departments, convenience stores and clinics were not involved in the security incident.
The data breach occurred at various fuel pump locations beginning Dec. 14, 2018 to July 29, 2019 and at restaurants including Hy-Vee Market Grilles, Hy-Vee Market Grille Expresses and Wahlburgers beginning Jan. 15, 2019 to July 29, 2019.
Additionally, there were half a dozen locations which may have been compromised as early as Nov. 9, 2018.
Hy-Vee is notifying customers who used their Hy-Vee Fuel Saver card to make a purchase at locations where access to card data occurred.
“During the investigation, we removed the malware and implemented enhanced security measures,” states the letter. “We continue to work with cybersecurity experts to evaluate additional ways to enhance the security of payment card data at our locations.”
“In addition, we continue to support law enforcement’s investigation and are working with the payment card networks so that the banks that issue payment cards can be make aware and initiate heightened monitoring,” the company says.
