Hy-Vee says malware caused data breach

SIOUX FALLS, S.D. (KELO.com) — Hy-Vee says malware is the cause of the data breach at some of its fuel pumps, drive-thru coffee shops, and restaurants.

The Grocery Chain says it has removed the malware and implemented an enhanced security system. Hy-Vee doesn’t say how the malware was installed or if any suspects have been identified.

The malware captured cardholder names, numbers and verification codes.

Here’s a link to the locations where the breaches occurred:


Hy-Vee first reported the data breach in August 2019.

The general timeframes for when the breaches occurred vary by location, beginning December 14, 2018, to July 29, 2019 for fuel pumps and beginning January 15, 2019, to July 29, 2019, for restaurants and drive-thru coffee shops.