WEST DES MOINES, Iowa — Hy-Vee is warning customers of a data breach that could affect customers who’ve used their credit cards at gas pumps, drive-thru coffee shops and restaurants.
The company says customers who used credit cards at cash registers or pharmacies are not impacted by the breach. They haven’t said how many customers may have had their financial data compromised.
The company released this statement on the data breach on Wednesday:
Hy-Vee takes the security of payment card data very seriously. We want to make customers aware of an investigation we are conducting into a security incident involving our payment processing systems that is focused on transactions at some Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants, as well as to provide information on the measures we have taken in response and steps customers may consider taking as well.
After recently detecting unauthorized activity on some of our payment processing systems, we immediately began an investigation with the help of leading cybersecurity firms. We also notified federal law enforcement and the payment card networks. We believe the actions we have taken have stopped the unauthorized activity on our payment processing systems. Our investigation is focused on card transactions at our fuel pumps, drive-thru coffee shops, and restaurants (which include our Market Grilles, Market Grille Expresses and the Wahlburgers locations that Hy-Vee owns and operates). These locations have different point-of-sale systems than those located at our grocery stores, drugstores and inside our convenience stores, which utilize point-to-point encryption technology for processing payment card transactions. This encryption technology protects card data by making it unreadable. Based on our preliminary investigation, we believe payment card transactions that were swiped or inserted on these systems, which are utilized at our front-end checkout lanes, pharmacies, customer service counters, wine & spirits locations, floral departments, clinics and all other food service areas, as well as transactions processed through Aisles Online, are not involved.
Because the investigation is in its earliest stages, we do not have any additional details to provide at this time. We will provide notification to our customers as we get further clarity about the specific timeframes and locations that may have been involved.
It is always advisable to closely monitor your payment card statements for any unauthorized activity. If you see an unauthorized charge, immediately notify the financial institution that issued the card because cardholders are not generally responsible for unauthorized charges reported in a timely manner. The phone number to call is typically located on the back of the payment card.