Hy-Vee says malware to blame in data breach

Hy-Vee says malware is the cause of the data breach at some of its fuel pumps, drive-thru coffee shops, and restaurants.

The grocery chain says it has removed the malware and implemented an enhanced security system. Hy-Vee didn’t say how the malware was installed or if any suspects have been identified.

The malware captured cardholder names, numbers and verification codes at a number of locations. That included pay at the pump at Hy-Vee Gas in Brookings from December of 2018 to the end of this July.

Hy-Vee first reported the data breach in August 2019.

Customers who may have been involved in the breach and for whom Hy-Vee has a mailing or email address will be notified.

You can check which locations were hit on Hy-Vee’s website.

Even if you haven’t been notified, it’s wise to check your statements for any suspicious activity.