Hy-Vee is investigating an unspecified “security incident” involving credit card readers at some Hy-Vee fuel pumps, drive-thru coffee shops and restaurants.
The West Des Moines-based grocery chain says it doesn’t believe its credit card readers at grocery stores, drugstores and convenience stores have been compromised. These have higher-end encryption security systems.
“Based on our preliminary investigation, we believe payment card transactions that were swiped or inserted on these systems, which are utilized at our front-end checkout lanes, pharmacies, customer service counters, wine and spirits locations, floral departments, clinics and all other food service areas, as well as transactions processed through Aisles Online, are not involved,” Hy-Vee said in a statement released Wednesday.
Instead, the investigation is focused on card transactions that occurred at fuel pumps, drive-thru coffee shops and restaurants.
Hy-Vee said it detected unauthorized activity on some of its payment processing systems in late July and immediately launched an investigation with the assistance of a cybersecurity firm. The store also has notified federal law enforcement officials and payment card networks.
“We believe the actions we have taken have stopped the unauthorized activity,” the company said in the statement. “Because the investigation is in its earliest stages, we do not have additional details to release at this time.”
It’s too early in the investigation, a Hy-Vee spokeswoman said, to determine how many people’s payment card data may have been involved.
As the company learns more it will release additional information, including on the time frames and locations involved.
As is routine with personal financial security, Hy-Vee advised customers to monitor credit and debit card statements for unauthorized activity. If you see an unauthorized charge, notify the issuer of the card quickly to avoid being held responsible for the charge.