Iowa-based grocery store chain Hy-Vee announced Wednesday, Aug 15, it has suffered from a data breach involving payment card systems.
In a report from AP News, the company has launched an investigation with cybersecurity experts after detecting unauthorized activity on some of its payment processing systems. It has also notified federal law enforcement regarding the said issue.
“We believe the actions we have taken have stopped the unauthorized activity on our payment processing systems,” the company assured in a statement.
According to Supermarket News, the investigation focused on card payments at Hy-vee restaurants, fuel pumps, and coffee shops, which use different point-of-sale systems than those of Hy-Vee’s grocery, liquor, and drug stores.
“Based on our preliminary investigation,” Hy-Vee said, “we believe payment card transactions that were swiped or inserted on these systems, which are utilized at our front-end checkout lanes, pharmacies, customer service counters, wine & spirits locations, floral departments, clinics and all other food service areas, as well as transactions processed through Aisles Online, are not involved,” the company clarified.
Since the investigation is still in its early stage, the company admitted they cannot share any other further details about the breach. However, Hy-Vee ensured it will notify its customers once they “get further clarity about the specific timeframes and locations that may have been involved.”
Founded in 1930, the grocery store chain now operates in Iowa, Illinois, Kansas, Minnesota, Missouri, Nebraska, South Dakota, and Wisconsin.
In the same statement, the company has advised customers to “closely monitor” their payment card statements for any unauthorized activity.
“If you see an unauthorized charge, immediately notify the financial institution that issued the card because cardholders are not generally responsible for unauthorized charges reported in a timely manner. The phone number to call is typically located on the back of the payment card.”