Hy-Vee Reveals Possible Data Breach Involving Payment Processing

US Supermarket retailer Hy-Vee warns customers of a possible data breach as the company detected unauthorized activity on its payment processing system.

The exact number of customers affected and their locations have not been determined yet as the company is on its ‘earlier stage of the investigation.’ However, the Iowa-based operator disclosed that PPS at its fuel pumps and drive-through coffee shops and restaurants are affected by this security incident.

“Our investigation is focused on card transactions at our fuel pumps, drive-thru coffee shops, and restaurants. These locations have different point-of-sales systems than those located at our grocery stores, drugstores and inside our convenience stores, which utilize point-to-point encryption technology for processing payment card transactions,” the statement said.

Hy-Vee Reveals Possible Data Breach Involving Payment Processing


According to USA Today, the Hy-Vee officials have already taken action to stop the unauthorized activity. They already contacted the authorities to investigate the incident.

Affected restaurants include Market Grilles, Market Grilles Express and Wahlburgers in Houston and 12 other locations.

Terminals used at grocery store checkout lanes, pharmacies, customer service counters, floral departments, clinics, and food service areas are not included in the Hy-Vee data breach.

The payment card networks were also notified in case the suspicious activity is spotted. The company has also contacted cybersecurity firms to handle the situation and to easily detect how the breach happened.

Nonetheless, Hy-Vee customers are being advised to monitor payment card statements for any suspicious activity.


Growing Threat of Data Breaches in Groceries

Data breach incidents are becoming retailers’ biggest threat since 2016. Hy-Vee isn’t the first grocery chain to have been attacked by criminals who are after the records of its customers. In 2014, retail chain SuperValu was charged by a class-action lawsuit due to failure to abide by industry standards payment processing systems practices. Approximately 40 million credit and debit card numbers were affected by the breach.

In addition to supermarkets, restaurants are also being targeted by criminals to steal sensitive information. Earlier this year, Dunkin Donuts announced data breach which affected more than 10 million DD Perks members. Hackers were able to gain access to customer accounts and sold information to Dark Web for profit.

The biggest data breach case this year is the Verifications.io unsecured database containing 982 million names, employers, home addresses and sensitive information. After the investigation, it is found out that the server was unsecured, which made it easier for hackers to steal data.