Hy-Vee Supermarket Chain Issues “Notice of Payment Card Data Incident”

On August 14, 2019, Hy-Vee published a “Notice of Payment Card Data Incident,” which, among other things, stated that Hy-Vee is investigating:

. . . a security incident involving [its] payment processing systems that is focused on transactions at some Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants, as well as to provide information on the measures [Hy-Vee has] taken in response and steps customers may consider taking as well.

After recently detecting unauthorized activity on some of [its] payment processing systems, [Hy-Vee] immediately began an investigation with the help of leading cybersecurity firms. [Hy-Vee] also notified federal law enforcement and the payment card networks. [Hy-Vee believes] the actions [it has] taken [have] stopped the unauthorized activity on [its] payment processing systems. [Hy-Vee’s] investigation is focused on card transactions at our fuel pumps, drive-thru coffee shops, and restaurants (which include our Market Grilles, Market Grille Expresses and the Wahlburgers locations that Hy-Vee owns and operates). These locations have different point-of-sale systems than those located at [Hy-Vee] grocery stores, drugstores and inside [its] convenience stores, which utilize point-to-point encryption technology for processing payment card transactions. This encryption technology protects card data by making it unreadable. Based on [Hy-Vee’s] preliminary investigation, [Hy-Vee believes] payment card transactions that were swiped or inserted on these systems, which are utilized at [its] front-end checkout lanes, pharmacies, customer service counters, wine & spirits locations, floral departments, clinics and all other food service areas, as well as transactions processed through Aisles Online, are not involved. [Emphasis added.]

On August 15, 2019, supermarketnews.com reported (“Hy-Vee notifies customers of payment data breach”) that

Supermarket chain Hy-Vee has revealed that the credit card payment information of some of its customers has been exposed in a recent data breach. The exact number of customers and locations has not yet been determined.

The West Des Moines, Iowa-based operator of 245 stores says there was a “security incident” involving the payment processing systems at its fuel pumps, drive-through coffee shops and restaurants. The restaurants include its Market Grilles, Market Grille Express and company-owned Wahlburgers locations operating at its stores. [Emphasis added.]

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or send an e-mail to [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.