MINNEAPOLIS (WCCO) — Hy-Vee is offering new details on a security breach that affected the system that processes payments at its fuel pumps, coffee shops and restaurants.
According to the company, they detected unauthorized activity on payment processing systems on July 29 and recruited cybersecurity firms to assist in their investigation, and notified federal law enforcement.
The malware searched for track data — such as card numbers, cardholder names, expiration dates and internal verification codes.
“However, for some locations, the malware was not present on all (point-of-sale) devices at the location, and it appears that the malware did not copy data from all of the payment cards used during the period that it was present on a given POS device. There is no indication that other customer information was accessed,” the company reported in a release.
Hy-Vee said that customer data could have been accessed from as long ago as Dec. 14, 2018 at some locations’ fuel pumps, and as long ago as Jan. 15, 2019 at restaurants and drive-thru coffee shops.
“There are six locations where access to card data may have started as early as November 9, 2018, and one location where access to card data may have continued through August 2, 2019,” Hy-Vee reported.
Hy-Vee said that customers with concerns about their information can check which locations were affected; you can access that site by clicking here.