Hy-Vee details payment system breach

Oct. 3, 2019

All seven Hy-Vee locations in Sioux Falls were affected in some way by malware that was installed on payment processing systems at fuel pumps and Market Grille restaurants.

In a news release issued Thursday, the Iowa-based grocery chain detailed the extent of the incident, which it discovered July 29 and reported to the public Aug. 14.

Locations across the company’s eight-state footprint were affected. The malware was designed to access payment card data, and was installed at certain fuel pumps, drive-thru coffee shops and restaurants. Payment card transactions were not affected at front-end checkout lanes, registers in other departments and inside convenience stores.

Here’s a list detailing the effects in Sioux Falls.

A list of all locations involved is available at hy-vee.com/paymentcardincident. See the full news release, by clicking here. 

“The malware searched for track data – which sometimes has the cardholder name in addition to card number, expiration date, and internal verification code – read from a payment card as it was being routed through the POS device,” the company said. “However, for some locations, the malware was not present on all POS devices at the location, and it appears that the malware did not copy data from all of the payment cards used during the period that it was present on a given POS device. There is no indication that other customer information was accessed.”

Once the malware was discovered, it was removed, and the company implemented additional security measures, according to the news release.

“In addition, we continue to support law enforcement’s investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.”

Hy-Vee urged customers to review payment card statements for unauthorized activity.

“For those customers Hy-Vee can identify as having used their card at a location involved during that location’s specific timeframe and for whom Hy-Vee has a mailing address or email address, Hy-Vee will be mailing them a letter or sending them an email.”

Customers with questions can call 833-967-1091 from 8 a.m. to 8 p.m. weekdays.

Tags:  

Want to stay in the know?

Get our free business news delivered to your inbox.



Hy-Vee details payment system breach

All seven Hy-Vee locations were affected in some way by malware that was installed on payment processing systems at fuel pumps and Market Grille restaurants.

News Tip

Have a business news item to share with us?

Scroll to top