Skip to content ↓ | Skip to navigation ↓

A supermarket chain based in the Midwestern United States notified customers of a data incident that potentially involved their payment cards.

On 14 August, Hy-Vee revealed it was investigating a security incident that affected its payment systems responsible for processing transactions at its fuel pumps, drive-thru coffee shops and restaurants.

Hy-Vee, which operates 245 branches in Iowa, Kansas, Minnesota, Missouri, Nebraska, South Dakota and Wisconsin, noted that those payment processing systems potentially affected by the security incident were different than those it used at its drug store, grocery stores, convenience stores and other locations. The supermarket chain clarified that the security event had not affected customer data processed on those other systems. Even so, it did not discuss how long the security event had lasted, which branches it had affected or how bad actors had gained access to those systems in the first place.

The company explained in its notice that it had taken several steps to respond to the data incident:

After recently detecting unauthorized activity on some of our payment processing systems, we immediately began an investigation with the help of leading cybersecurity firms. We also notified federal law enforcement and the payment card networks. We believe the actions we have taken have stopped the unauthorized activity on our payment processing systems.

It also said it would provide additional details to customers once it learned of them.

Customers whom the incident might have affected should heed Hy-Vee’s advice and review their payment card statements for unusual activity. If they see anything suspicious, they should notify their card’s issuer as soon as possible.

Potential victims should also consider protecting their information against identity thieves in general. They can do this by using a VPN and protecting each of their web accounts with a strong password. For additional recommendations on how to counter identity thieves, click here.