Hy-Vee issues warning to customers after discovering point-of-sale breach

Company doesn't know what locations were impacted, but it's warning customers early so they can keep an eye out for suspicious transactions.
Written by Catalin Cimpanu, Contributor

Supermarket chain Hy-Vee has published a warning to customers this week after staff discovered a security breach on some of its point-of-sale (PoS) systems.

The company said that card transactions made at Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants (Market Grilles, Market Grille Expresses, and Wahlburgers) may have been recorded by hackers.

"We believe the actions we have taken have stopped the unauthorized activity on our payment processing systems," a Hy-Vee spokesperson said.

PoS systems installed in Hy-Vee's more popular grocery stores, drugstores, and convenience stores were not impacted. The company said it was running a different PoS system in these locations, and that data processed on these PoS systems was encrypted and was "unreadable."

Payments made through Aisles Online, Hy-Vee web-based transactions system, were also not impacted, it said.

Hy-Vee cited the early stages of its investigation as the reason why it couldn't say what exact fuel pumps, drive-thru coffee shops, and restaurant locations were impacted.

The company promised an update later down the line, when it learns more.

In the meantime, Hy-Vee, which is one of the biggest supermarket chains in the US with over 250 stores, is warning customers who believe they might have had their card data swiped to check card statements at regular intervals for any suspicious transactions.

"If you see an unauthorized charge, immediately notify the financial institution that issued the card because cardholders are not generally responsible for unauthorized charges reported in a timely manner," it said in a message posted on its official website.

These are the worst hacks, cyberattacks, and data breaches of 2018

More data breach coverage:

Editorial standards