Security & Fraud

Hy-Vee Says Customer Credit Card Info Was Compromised

Hy-Vee Said Customer Credit Card Info Was Compromised

Des Moines, Iowa-based supermarket chain Hy-Vee said credit card information for an undisclosed number of customers were exposed in a data breach, according to reports.

“Hy-Vee takes the security of payment card data very seriously,” the company said in a statement on its website. “We want to make customers aware of an investigation we are conducting” into some transactions.

The number of locations that were affected is unknown. Hy-Vee operates 245 stores and called the breach a “security incident” that was related to payment processing systems at fuel pumps, drive-thru coffee shops and restaurants, which are on a different system than the in-store ones. 

Hy-Vee restaurants include Market Grilles, Market Grille Express and Wahlburgers. 

“After recently detecting unauthorized activity on some of our payment processing systems, we immediately began an investigation with the help of leading cybersecurity firms. We also notified federal law enforcement and the payment card networks. We believe the actions we have taken have stopped the unauthorized activity on our payment processing systems,” the company said.

The systems that are being investigated for the data breach use point-to-point encryption, which supposedly makes seeing card data virtually impossible.

“Based on our preliminary investigation,” Hy-Vee said, “we believe payment card transactions that were swiped or inserted on these systems, which are utilized at our front-end checkout lanes, pharmacies, customer service counters, wine & spirits locations, floral departments, clinics and all other food service areas, as well as transactions processed through Aisles Online, are not involved.”

The company said it would reach out to customers when more information became available. 

“It is always advisable to closely monitor your payment card statements for any unauthorized activity. If you see an unauthorized charge, immediately notify the financial institution that issued the card because cardholders are not generally responsible for unauthorized charges reported in a timely manner. The phone number to call is typically located on the back of the payment card,” the company said.


Latest Insights:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The PYMNTS Next-Gen AP Automation Tracker, is a monthly report that highlights the most recent accounts payable developments and automated solutions that are disrupting how businesses process invoices, track spending and earn rebates on transactions.


To Top