
Charles City Hy-Vee locations not among data breach

By Bob Steenson, bsteenson@charlescitypress.com

The Hy-Vee grocery store and convenience store in Charles City were not among those affected by a data breach earlier this year, according to information from the company.

The company released a searchable database of locations that had been “hacked” beginning in December 2018 through July this year. The two Charles City Hy-Vee sites are not listed in that database.

Area stores that are listed as being affected are the pay-at-the-pump card readers at the Hy-Vee convenience store in east Mason City; the Market Grille and pay-at-the-pump card readers at four locations in Waterloo; and the pay-at-the-pump card readers and Market Grille at two locations in Cedar Falls.

The Hy-Vee grocery store in Waverly was not affected.

The company said it began an investigation into unauthorized activity on some of its payment processing systems as soon as the activity was discovered on July 29.

“Leading cybersecurity firms were engaged to assist,” the company said. “We also notified federal law enforcement and the payment card networks.”

The investigation identified malware that was designed to access information from card readers at locations including some Hy-Vee fuel pumps, drive-thru coffee shops and restaurants operated by Hy-Vee.

The malware attempted to copy the cardholder’s name, card number, expiration date and verification code, according to Hy-Vee.

Even at locations where the malware was found, it wasn’t always found on all card readers at that location, and it didn’t capture information from all cards that were used.

In cases where Hy-Vee was able to identify the owner of cards that may have been compromised, it is sending them an email or letter if it has their email or postal address, the company said.

“Payment card transactions were not involved at our front-end checkout lanes, inside convenience stores, pharmacies, customer service counters, wine and spirits locations, floral departments, clinics, and all other food service areas which utilize point-to-point encryption technology,” the company said.

“We removed the malware and implemented enhanced security measures, and we continue to work with cybersecurity experts to evaluate additional ways to enhance the security of payment card data,” the company said.

“In addition, we continue to support law enforcement’s investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.”

Hy-Vee advised customers to always monitor their payment card statements for unauthorized activity and report such activity to their card issuer using the telephone number that is usually listed on the back of the card.

The list of all Hy-Vee locations affected can be found at www.hy-vee.com/paymentcardincident.

Hy-Vee operates more than 240 retail stores in eight Midwestern states — Iowa, Illinois, Kansas, Minnesota, Missouri, Nebraska, South Dakota and Wisconsin.

The incident database shows that 109 cities in the eight states had Hy-Vees where data breaches occurred, including 40 cities in Iowa.
