Supermarket chain Hy-Vee has published a warning to customers this week after staff discovered a security breach on some of its point-of-sale (PoS) systems.
The company said that card transactions made at Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants (Market Grilles, Market Grille Expresses, and Wahlburgers) may have been recorded by hackers.
"We believe the actions we have taken have stopped the unauthorized activity on our payment processing systems," a Hy-Vee spokesperson said.
PoS systems installed in Hy-Vee's more popular grocery stores, drugstores, and convenience stores were not impacted. The company said it was running a different PoS system in these locations, and that data processed on these PoS systems was encrypted and was "unreadable."
Payments made through Aisles Online, Hy-Vee web-based transactions system, were also not impacted, it said.
Hy-Vee cited the early stages of its investigation as the reason why it couldn't say what exact fuel pumps, drive-thru coffee shops, and restaurant locations were impacted.
The company promised an update later down the line, when it learns more.
In the meantime, Hy-Vee, which is one of the biggest supermarket chains in the US with over 250 stores, is warning customers who believe they might have had their card data swiped to check card statements at regular intervals for any suspicious transactions.
"If you see an unauthorized charge, immediately notify the financial institution that issued the card because cardholders are not generally responsible for unauthorized charges reported in a timely manner," it said in a message posted on its official website.
More data breach coverage:
- Spanish brothel chain leaves internal database exposed online
- Capital One hacker took data from more than 30 companies, new court docs reveal
- Voter records for 80% of Chile's population left exposed online
- State Farm says hackers confirmed valid usernames and passwords
- AT&T employees took bribes to plant malware on the company's network
- GitHub sued for aiding hacking in Capital One breach
- A hacker assault left mobile carriers open to network shutdown CNET
- 90% of data breaches in US occur in New York and California TechRepublic