WEST DES MOINES, Iowa (KCAU) – Hy-Vee is investigating a security incident involving their payment processing systems, primarily focused on card transactions at their fuel pumps, drive-thru coffee shops, and some restaurants.
In a statement, Hy-Vee said they said that when they detected unauthorized activity on some of their payment processing systems, they immediately notified law enforcement and payment card networks and started investigating the activity. They believe they have stopped the unauthorized activity.
The investigation into the unauthorized activity is focused at their fuel pumps, drive-thru coffee shops, and restaurants. The restaurants involved include their Market Grilles, Market Grille Expresses and the Wahlburgers locations. They said that the investigation is because the locations have different point-of-sale systems than those at their grocery stores, drugstores and convenience stores.
Transactions made through their checkout lanes, pharmacies, customer service counters, wine & spirits locations, floral departments, clinics and other food service areas, as well as processed through Aisles Online, are not involved.
Hy-Vee recommends that people monitor their payment card statements for unauthorized activity and if you see any unauthorized charges, to notify the company that issued the card.
The company said they will provide notification to customers as we get more information about the incident.
More information can be found by clicking here.
Read Hy-Vee’s full statement below:
Hy-Vee takes the security of payment card data very seriously. We want to make customers aware of an investigation we are conducting into a security incident involving our payment processing systems that is focused on transactions at some Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants, as well as to provide information on the measures we have taken in response and steps customers may consider taking as well.
After recently detecting unauthorized activity on some of our payment processing systems, we immediately began an investigation with the help of leading cybersecurity firms. We also notified federal law enforcement and the payment card networks. We believe the actions we have taken have stopped the unauthorized activity on our payment processing systems. Our investigation is focused on card transactions at our fuel pumps, drive-thru coffee shops, and restaurants (which include our Market Grilles, Market Grille Expresses and the Wahlburgers locations that Hy-Vee owns and operates). These locations have different point-of-sale systems than those located at our grocery stores, drugstores and inside our convenience stores, which utilize point-to-point encryption technology for processing payment card transactions. This encryption technology protects card data by making it unreadable. Based on our preliminary investigation, we believe payment card transactions that were swiped or inserted on these systems, which are utilized at our front-end checkout lanes, pharmacies, customer service counters, wine & spirits locations, floral departments, clinics and all other food service areas, as well as transactions processed through Aisles Online, are not involved.
Because the investigation is in its earliest stages, we do not have any additional details to provide at this time. We will provide notification to our customers as we get further clarity about the specific timeframes and locations that may have been involved.
It is always advisable to closely monitor your payment card statements for any unauthorized activity. If you see an unauthorized charge, immediately notify the financial institution that issued the card because cardholders are not generally responsible for unauthorized charges reported in a timely manner. The phone number to call is typically located on the back of the payment card.