Security & Fraud

Hy-Vee Says Customer Credit Card Info Was Compromised

Hy-Vee Said Customer Credit Card Info Was Compromised

Des Moines, Iowa-based supermarket chain Hy-Vee said credit card information for an undisclosed number of customers were exposed in a data breach, according to reports.

“Hy-Vee takes the security of payment card data very seriously,” the company said in a statement on its website. “We want to make customers aware of an investigation we are conducting” into some transactions.

The number of locations that were affected is unknown. Hy-Vee operates 245 stores and called the breach a “security incident” that was related to payment processing systems at fuel pumps, drive-thru coffee shops and restaurants, which are on a different system than the in-store ones. 

Hy-Vee restaurants include Market Grilles, Market Grille Express and Wahlburgers. 

“After recently detecting unauthorized activity on some of our payment processing systems, we immediately began an investigation with the help of leading cybersecurity firms. We also notified federal law enforcement and the payment card networks. We believe the actions we have taken have stopped the unauthorized activity on our payment processing systems,” the company said.

The systems that are being investigated for the data breach use point-to-point encryption, which supposedly makes seeing card data virtually impossible.

“Based on our preliminary investigation,” Hy-Vee said, “we believe payment card transactions that were swiped or inserted on these systems, which are utilized at our front-end checkout lanes, pharmacies, customer service counters, wine & spirits locations, floral departments, clinics and all other food service areas, as well as transactions processed through Aisles Online, are not involved.”

The company said it would reach out to customers when more information became available. 

“It is always advisable to closely monitor your payment card statements for any unauthorized activity. If you see an unauthorized charge, immediately notify the financial institution that issued the card because cardholders are not generally responsible for unauthorized charges reported in a timely manner. The phone number to call is typically located on the back of the payment card,” the company said.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.