Hy-Vee declares card data hack after malware infected POS devices

An investigation spanning 2 months at Hy-Vee helped find that malicious software infecting its point-of-sale devices resulted in a data-hack detected in the summer, leaking consumers' payment card details. The probe, according to Hy-Vee which got assistance from prominent cyber-security companies, spotted malicious software contaminating the devices installed at the company's fuel pumps, restaurants as well as coffee shops one could drive through. The restaurants and coffee shops included Hy-Vee's Wahlburgers locations, Hy-Vee Market Grille Express, Hy-Vee Market Grille and the West Des Moines, Iowa HQ-situated cafeteria.

Hy-Vee doesn't tell how many customers possibly got impacted due to the hack. Nevertheless, it notes that no purchases with payment cards was affected when customers checked out at front lanes, or were buying from medical shops, clinics, convenience stores, floral departments, spirits and wine outlets, and consumer service counters. The remaining food service locations, which utilized point-to-point encryption mechanism and dealings that Aisles Online processed, too were safe from the malware. www.supermarketnews.com posted this, October 4, 2019.

Notably, there are 240+ retail shops that Hy-Vee operates within 8 Midwestern states namely Kansas, Iowa, Illinois, Nebraska, Missouri, Minnesota, Wisconsin and South Dakota. The company, during August, declared that an investigation into certain hack of credit and debit cards of customers, who were visiting certain restaurants, coffee shops and fuel pumps of Hy-Vee, detected illegitimate operation on a few payment processing machines located there.

Hy-Vee officials stated, when the investigation was on, they eliminated the malware while enforced improved security measures even as they were still working with security specialists for evaluation of increased methods of improving the payment card information's security. Besides, they were still receiving law enforcement's help while also dealing with various networks of payment cards in order that the credit and debit card issuing banks became aware and started off increased monitoring.

Meanwhile, Hy-Vee has decided to post letters of notification to its customers who swiped their cards in the POS devices at the malware-affected locations. The company has requested clients to inform their card issuing banks about any illegitimate transactions without delay. Hy-Vee has also posted additional details regarding the incident, online.

» SPAMfighter News - 10/14/2019