[BreachExchange] Class action lawsuit filed against Hy-Vee over data breach

Destry Winant destry at riskbasedsecurity.com
Thu Oct 17 00:53:28 EDT 2019


https://www.kcrg.com/content/news/Class-action-lawsuit-filed-over-Hy-Vee-data-breach-563216961.html

CEDAR RAPIDS, Iowa (KCRG) - A class action has been filed in Illinois
against Hy-Vee, Inc., following a massive data breach that impacted
its gas stations, coffee shops and restaurants.

Between December 14, 2018, and July 29, 2019, the company said malware
accessed cards at fuel pumps for Hy-Vee gas stations and card payments
at restaurants and drive-thru coffee shops between January 15, 2019,
and July 29, 2019.

Hy-Vee announced the breach in August 2019 after it noticed
unauthorized activity on some of our payment processing systems. On
Oct. 3, Hy-vee shared additional details with customers about which
locations and services were impacted.

The complaint filed in the Central Illinois District Court by a
Pennsylvania-based law firm Tuesday says there was no way to avoid the
incident due to "Hy-Vee’s inadequate data security measures despite
the ever-growing threat of security breaches involving payment card
systems."

Click or tap here to read the full complaint.

Even though Hy-Vee published information the risk of security
breached, the claim also says the company did not take measures to
help customers who may have been impacted, "choosing instead to spread
out information about the breach over a series of months."

The lawsuit includes an expert who alleges more than 5 million
customers were impacted and their information is for sale on the dark
web. The company has not officially confirmed the number of debit and
credit cards impacted.

In a statement to KCRG-TV9, Hy-Vee said "We do not comment on pending
litigation."


More information about the BreachExchange mailing list