Hy-Vee investigating possible customer data breach at some terminals

To The Press

Hy-Vee is investigating the possibility that some customer payment information may have been compromised at places the company accepts payment cards, according to a statement the company issued Wednesday.

The places that may have been involved are Hy-Vee fuel pumps, drive-thru coffee shops and restaurants, the company said. These places use different systems than those in the company’s grocery stores, convenience store checkouts and drugstores.

“After recently detecting unauthorized activity on some of our payment processing systems, we immediately began an investigation with the help of leading cybersecurity firms,” the company said. “We also notified federal law enforcement and the payment card networks. We believe the actions we have taken have stopped the unauthorized activity on our payment processing systems.”

The restaurants where payments are being investigated are Hy-Vee’s Market Grille, Market Grill Express and Wahlburgers that Hy-Vee owns and operates.

Grocery stores, drugstores and convenience store inside checkouts were not involved because they use point-to-point encryption technology for processing payment card transactions that protects card data by making it unreadable, the company said.

“Hy-Vee takes the security of payment card data very seriously. We will provide notification to our customers as we get further clarity about the specific time frames and locations that may have been involved,” He-Vee said.

“It is always advisable to closely monitor your payment card statements for any unauthorized activity,” the company said.

“If you see an unauthorized charge, immediately notify the financial institution that issued the card because cardholders are not generally responsible for unauthorized charges reported in a timely manner. The phone number to call is typically located on the back of the payment card,” Hy-Vee said.