[BreachExchange] Hy-Vee issues warning to customers after discovering point-of-sale breach

Destry Winant destry at riskbasedsecurity.com
Mon Aug 19 10:20:23 EDT 2019


Supermarket chain Hy-Vee has published a warning to customers this
week after staff discovered a security breach on some of its
point-of-sale (PoS) systems.

The company said that card transactions made at Hy-Vee fuel pumps,
drive-thru coffee shops, and restaurants (Market Grilles, Market
Grille Expresses, and Wahlburgers) may have been recorded by hackers.

"We believe the actions we have taken have stopped the unauthorized
activity on our payment processing systems," a Hy-Vee spokesperson

PoS systems installed in Hy-Vee's more popular grocery stores,
drugstores, and convenience stores were not impacted. The company said
it was running a different PoS system in these locations, and that
data processed on these PoS systems was encrypted and was

Payments made through Aisles Online, Hy-Vee web-based transactions
system, were also not impacted, it said.

Hy-Vee cited the early stages of its investigation as the reason why
it couldn't say what exact fuel pumps, drive-thru coffee shops, and
restaurant locations were impacted.

The company promised an update later down the line, when it learns more.

In the meantime, Hy-Vee, which is one of the biggest supermarket
chains in the US with over 250 stores, is warning customers who
believe they might have had their card data swiped to check card
statements at regular intervals for any suspicious transactions.

"If you see an unauthorized charge, immediately notify the financial
institution that issued the card because cardholders are not generally
responsible for unauthorized charges reported in a timely manner," it
said in a message posted on its official website.

More information about the BreachExchange mailing list