DES MOINES, Iowa—Compromised gas pumps, coffee shops and restaurants operated by Hy-Vee – which operates more than 245 supermarkets throughout the Midwest – may have led to more than 5.3 million credit and debit accounts being exposed and sold online.
According to KrebsOnSecurity, Hy-Vee announced earlier this month it was investigating a data breach involving its payment processing systems. The restaurants affected include Hy-Vee Market Grilles, Market Grille Expresses and Wahlburgers locations that the company owns and operates. Hy-Vee said it was too early to tell when the breach initially began or for how long intruders were inside their payment systems, Krebs stated.
Krebs said Hy-Vee stated that it believes the breach does not affect payment card terminals used at its grocery store checkout lanes, pharmacies or convenience stores, as these systems rely on a security technology designed to defeat card-skimming malware.
Company’s Response
“These locations have different point-of-sale systems than those located at our grocery stores, drugstores and inside our convenience stores, which utilize point-to-point encryption technology for processing payment card transactions,” Hy-Vee said. “This encryption technology protects card data by making it unreadable. Based on our preliminary investigation, we believe payment card transactions that were swiped or inserted on these systems, which are utilized at our front-end checkout lanes, pharmacies, customer service counters, wine and spirits locations, floral departments, clinics and all other food service areas, as well as transactions processed through Aisles Online, are not involved.”