Information stolen from Hy-Vee customers has appeared in a popular carding forum, with 5.3 million cardholder accounts now up for sale.
As previously reported by ZDNet, the supermarket chain issued a warning to customers on August 14 which explained that a data breach had occurred at point-of-sale (PoS) systems used by the firm's fuel pumps, coffee shops, and restaurants including Market Grilles, Market Grille Expresses, and Wahlburgers.
However, PoS systems used by Hy-Vee grocery stores, drugstores, and convenience stores are not believed to have been affected.
Typically, PoS platforms are compromised through the installation of RAM scanners which are able to harvest payment card details once they have been swiped. This stolen data is then remotely transferred to a server controlled by an attacker and may be offered for sale as part of a data dump or used to create clone cards.
It is not known who is behind the data breach, nor how long they were lurking on the firm's systems. Iowa-based Hy-Vee has launched an investigation and asked customers to keep an eye on their bank statements for fraudulent transactions.
"If you see an unauthorized charge, immediately notify the financial institution that issued the card because cardholders are not generally responsible for unauthorized charges reported in a timely manner," the company said.
Now, it seems that customers may, indeed, be at risk, as reported by KrebsOnSecurity.
According to security expert Brian Krebs, 5.3 million accounts belonging to cardholders in 35 US states are being advertised as for sale on the popular underground marketplace Joker's Stash.
Two unnamed sources told Krebs that the dump is being sold under the name "Solar Energy" in a data dump, with card account records on offer for between $17 and $35 each.
A Hy-Vee spokesperson told Krebs that the company is aware of reports that customer data is up for sale, and "[is] working with the payment card networks so that they can identify the cards and work with issuing banks to initiate heightened monitoring on accounts."
For consumers, this means that keeping an eye on bank accounts and credit reports is of importance. The sooner you know your card has been compromised, the quicker your bank can take action to remedy any fraudulent transactions or charges.
Previous and related coverage
- A data breach forced this family to move home and change their names
- 700,000 Choice Hotels records leaked in data breach, ransom demanded
- Suspected Capital One hacker requests release from jail on health grounds
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0