Skip to main content
close search
site logo
Dive Brief

Hy-Vee releases findings from data breach investigation

Published Oct. 7, 2019
Krishna Thakker's headshot
Krishna Thakker Associate Editor
Wikimedia Commons

Dive Brief:

  • After detecting a customer payment data incident in July, Hy-Vee completed an investigation that found its payment systems were breached by malware, according to a press release
  • The malware attacked certain point-of-sale systems at Hy-Vee fuel pumps, drive-thru coffee shops, Market Grille and Wahlburgers restaurants and the cafeteria at the company's corporate headquarters in West Des Moines, Iowa. The malware searched for track data, which can include cardholder names, card numbers, expiration dates and security codes.
  • Front-end checkout lanes, pharmacies, customer service counters, floral departments, clinics, wine and spirit locations were not affected. The malware attack took place on some cards used from December 14, 2018 to July 29, 2019 at fuel pumps and January 15, 2019 to July 29, 2019 at restaurants and drive-thru coffee shops.

Dive Insight:

After detecting some unauthorized activity on July 29, 2019, Hy-Vee notified federal law enforcement and payment card networks and began investigating the issue. The retailer has since removed the malware, implemented tighter security measures and worked with cybersecurity experts to find better ways to prevent this from happening in the future. 

Data breaches of retailer payment systems are fairly common and can be difficult to stop, as malware is constantly adapting. However, the grocer's quick response to the breach and transparency with customers during the process should keep its reputation in good standing, which is important for the popular Midwest grocer. 

In 2017, Target forked over an $18.5 million settlement to 47 states due to a 2013 data breach that affected 110 million customers. Also in 2017, the taprooms and restaurants at several Whole Foods stores were hit by a credit card hack. Payment system data breaches not only cost companies millions of dollars, but can also put customers' trust in the grocer at risk if they don't feel secure shopping. 

Retailers are also collecting more data now than in previous years in order to personalize the grocery experience, but more data means more risk if a grocer is hacked. Companies need to be responsible in safeguarding that information, Lillian Hardy, partner at law firm Hogan Lovells, told Retail Dive.

Employees should also be trained to look out for data breaches and refrain from sending confidential information over platforms like email, Retail Dive reported. Retailers should prepare for cybersecurity attacks throughout all departments of the company and should also vet the security of third-party partners.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
RDSolutions Unveils Rebrand and Comprehensive Service Suite to Optimize Retail Performance and…
From RDSolutions
November 05, 2024
UNFI and Climate Collaborative Partner to Launch Regenerative Transition Community of Practice
From Climate Collaborative
October 21, 2024
UPM Specialty Papers and Eastman introduce paper-based food packaging solution with compostabl…
From UPM Specialty Papers
October 31, 2024
Editors' picks
Latest in Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell