Hy-Vee says malware is the cause of the data breach at some of its fuel pumps, drive-thru coffee shops, and restaurants.
The grocery chain says it has removed the malware and implemented an enhanced security system. Hy-Vee didn’t say how the malware was installed or if any suspects have been identified.
The malware captured cardholder names, numbers and verification codes at a number of locations. That included pay at the pump at Hy-Vee Gas in Brookings from December of 2018 to the end of this July.
Hy-Vee first reported the data breach in August 2019.
Customers who may have been involved in the breach and for whom Hy-Vee has a mailing or email address will be notified.
You can check which locations were hit on Hy-Vee’s website.
Even if you haven’t been notified, it’s wise to check your statements for any suspicious activity.