Hy Vee data breach incident has been reported. It causes a dilemma for consumers. How did Hy Vee data breach happen?
An overview of Hy Vee
Hy Vee is a chain of supermarkets in the United States. It has more than 245 stores.
Some are in Minnessota, Nebraska, and Iowa. Their largest store is in Illinois.
Charles Hyde and David Vredenburg founded Hy Vee. It started in 1930.
They offer many services in their large stores. Such as bakeries, florals, food service, pharmacies, and health clinics. It has fuel stations with convenience stores and restaurants.
Hy Vee is an employee-owned business. The Employees’ Trust Fund had started in 1960. So, qualified employees share ownership of the company.
As the world goes digital, so are businesses. The online transaction began in the year 2000s for Hy Vee. They added communication with its customers through social networks.
At the end of 1949, there were 29 stores. But, in 2009, there were 228 stores! This number continues to grow.
Hy Vee Data Breach: the investigation
Hy Vee is investigating a data breach. The branches involved owned and operated by the company.
These are the details of affected services:
- Fuel pumps last December 14, 2018, and July 29, 2019
- Restaurants; and
- Drive-thru coffee shops on January 15, 2019, and July 29, 2019.
Meanwhile, other services were not affected by the Hy Vee data breach:
- Inside grocery terminal
- Convenience stores
The Hy Vee data breach has discovered in late July 2019. The announcement around August 2019. Millions of customers got affected by the said data breach.
What caused the Hy Vee data breach?
Malware, or malicious software, was identified during the investigation. It is a program designed to damage a computer system. Sometimes, it gains access to steal data.
The discovered malware has designed to access payment card data. This card had used POS or Point-of-Sale devices. Hy Vee fuel pumps, drive-thru coffee shops, and restaurants affected by the malware.
The company investigated the data breach. Law execution agencies did as well.
The malware gathers data from the payment cards. According to reports, these data were:
- the cardholders name
- card number
- end date
- internal verification code
Yet, the malware was not present in some locations. The malware did not copy data from all the payment cards. It did not access other customer information.
How did Hy Vee work with the problem?
Meanwhile, Hy Vee sent alerts to affected customers with contact details. They notified the payment card networks to aware banks issuing the payment card. The company also worked with cybersecurity experts.
They remove the malware during the investigation. They discussed how to improve security measures. Then, find more ways to increase the security of payment card data.
Customers have advised checking payment card transactions for any unusual activity. So, customers should report it right away.
But, Hy Vee set a location lookup tool. This tool helps to see what specific services are identified during the investigation. The specific time can be checked.
Today, cards have improved. Instead of swiping, they use a chip. It works along with a pin to verify first.