Jefferson Hy-Vee

The Jefferson Hy-Vee location was recently included in the grocery store’s list of locations affected in this summer’s data breach.

During the investigation first reported on August 14th, unauthorized activity was detected on some of Hy-Vee’s payment processing systems on July 29th. It was discovered that malware was implemented through the point-of-sale (POS) devices to access payment card data. The devices that were found to have malware included some Hy-Vee fuel pumps, drive-thru coffee shops, Market Grilles, Market Grille Expresses and Wahlburgers.  The Market Grille in Jefferson was affected from January 15th to July 17th.

The malware did not copy data from all of the payment cards used during the time period that was present on the POS device. Time frames vary, but most of the issues occurred between December 14, 2018 to July 29, 2019 for fuel pumps and January 15th to July 29th for restaurants and drive-thru coffee shops. For those customers Hy-Vee identified having used their card at a location involved during its specific timeframe and for whom Hy-Vee has a mailing address or email address, Hy-Vee will be notifying them.

The malware was removed and enhanced security measures have been put in place. Hy-Vee officials are also recommending to customers to review bank statements for unauthorized activity.