Hy-Vee provides update on data breach investigation

Hy-Vee provides update on data breach investigation Photo: MGN

Updated: November 07, 2019 05:30 PM

Hy-Vee has announced additional information about the investigation into a data breach it reported in August.

The company said it first detected unauthorized activity on some payment processing systems on July 29, and it immediately began an investigation and contacted both law enforcement and payment card networks.


Hy-Vee said its investigation identified malware designed to access payment card data on point-of-sale (POS) devices at certain fuel pumps, drive-thru coffee shops and restaurants, which was designed to search for track data from a payment card. However, in some locations, the malware wasn't present on all POS devices, and it appears the malware didn't copy data from all payment cards used during the period it was present, Hy-Vee said.

With that, the company said there's no indication that other customer information was accessed.

Hy-Vee warns customers of data breach

Hy-Vee said the specific timeframes when data from cards may have been accessed varies by location, but ranges from Dec. 14, 2018 to July 29, 2019. At six unspecified locations, access to card data may have started as eary as Nov. 9, 2018 and continued through Aug. 2, 2019.

According to the company, customers it identified as having used their card at a location involved during the timeframe, and for whom it has a mailing address or email address, will be mailed a letter or sent an email. 

The company reiterated that transactions at front-end checkout lanes, inside convenience stores, pharmacies, customer service counters, wine & spirits locations, floral departments, clinics, all other food service areas and Aisles Online were not affected by the malware. Hy-Vee also said the malware was removed during its investigation, and it has since implemented enhanced security measures.

Customers are still advised to review payment card statements and financial accounts for any unauthorized activity.

Hy-Vee has a list of additional steps you can take to help protect your accounts here. It also has a location look-up tool to see what specific places were affected by the malware here.

Connect with KSTP

Join the conversation on our social media platforms. Share your comments on our Facebook, Instagram, and Twitter pages.



Copyright 2019 - KSTP-TV, LLC A Hubbard Broadcasting Company


5 Minneapolis shootings kill 1, injure 5 others in 6 hours

Edina mayor sounds alarm amid spike in COVID-19 cases among youths

Excessive heat warning in effect for Twin Cities

Gov. Walz responds to disability service provider requests for emergency funding

DVS to make knowledge tests by appointment only

Investigators offer $50K reward for identification of post office arson suspects