- Hy-Vee discovered unauthorized access to their payment processing systems and made it public.
- The company is carrying out an investigation with the help of an infosec expert.
- Hy-Vee customers should monitor their transactions and immediately report fraudulent ones.
Hy-Vee has issued a warning of a payment data breach for their customers, urging them to monitor the activity of their bank accounts closely. The supermarket chain company which operates more than 245 branches in Iowa, Kansas, Minnesota, Missouri, Nebraska, South Dakota, and Wisconsin, has discovered an incident of unauthorized activity on their payment processing systems. Upon this discovery, Hy-Vee notified the law enforcement authorities and contracted a cybersecurity expert to help them conduct an in-depth internal investigation. Right now, not many details about what happened can be made public as the investigation has just begun.
The company said that they are currently focusing on card transactions that occurred at their fuel pumps, the drive-thru coffee shops and restaurants, and all of their “Market Grilles”, “Market Grilles Express”, and the “Wahldurgers” locations. The element that makes these locations more vulnerable than the payment processing systems that are inside the Hy-Vee drugstores and convenience stores is that the latter deploy a state of the art encryption technology. Even if someone had stolen data from these points of sale, the data would be unreadable and thus non-exploitable. Similarly, purchases that were made through the “Aisles Online” system are also safe.
That said, if you have made any purchases on one of the points that are deemed as vulnerable by Hy-Vee, you should monitor the activity of your account and report any suspicious transactions to your card issuer. If you do so in a timely manner, your financial institution will be obliged to retract the fraudulent transaction and undo the financial losses. If you neglect it for a while, however, it will pass through irreversibly. If you feel nervous about this, you may call your bank and apply an account freeze until more details about the breach surface. Hy-Vee promised to update its customers as soon as their investigation yields its first reliable results, so stay tuned.
Remember, PoS (Point of Sale) malware is on the rise right now, so you should be very careful when paying on terminals by swiping your card. If you can pay with cash on the register, go with this option as it’s a lot safer. In any other case, you are relying solely on the security measures of the shop you are visiting, trusting them with your card number, expiration date, CVV, and cardholder name. Unfortunately, there are still quite a lot of retail shops that aren’t worth this trust.