Hy-Vee, a chain of more than 245 supermarkets located throughout the Midwestern United States, is conducting an investigation into a data breach incident involving payment processing systems that is focused on transactions at some Hy-Vee fuel pumps, drive-thru coffee shops and restaurants.
After recently detecting unauthorized activity on some of payment processing systems, they began an investigation with the help of leading cybersecurity firms. Hy-Vee notified federal law enforcement and the payment card networks.
"We believe the actions we have taken have stopped the unauthorized activity on our payment processing systems. Our investigation is focused on card transactions at our fuel pumps, drive-thru coffee shops, and restaurants (which include our Market Grilles, Market Grille Expresses and the Wahlburgers locations that Hy-Vee owns and operates). These locations have different point-of-sale systems than those located at our grocery stores, drugstores and inside our convenience stores, which utilize point-to-point encryption technology for processing payment card transactions. This encryption technology protects card data by making it unreadable. Based on our preliminary investigation, we believe payment card transactions that were swiped or inserted on these systems, which are utilized at our front-end checkout lanes, pharmacies, customer service counters, wine & spirits locations, floral departments, clinics and all other food service areas, as well as transactions processed through Aisles Online, are not involved," says a press release.