Hy-Vee, Inc. announced on Wednesday that the company was conducting an investigation into a data incident involving its payment processing systems.
Hy-Vee officials said the investigation is focused on transactions at some Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants. They have been working with cybersecurity firms and law enforcment since the incident was first noticed.
Company officials said they believe the actions they have taken have stopped the unauthorized activity. They also noted that the locations where these actions may have occurred have different point-of-sale systems than those located at the Hy-Vee grocery stores, drugstores and inside their convenience stores, which utilize point-to-point encryption technology for processing payment card transactions.
"This encryption technology protects card data by making it unreadable," said Hy-Vee Spokesperson Tina Potthoff. "Based on our preliminary investigation, we believe payment card transactions that were swiped or inserted on these systems, which are utilized at our checkout lanes, pharmacies, customer service counters, wine & spirits locations, floral departments, clinics and all other food service areas are not involved."
Potthoff said the company will provide notification to customers as they get further clarity about the specific timeframes and locations that may have been involved.
If an unauthorized charge is noticed, Hy-Vee officials urged customers to immediately notify their financial institution that issued their card because cardholders are not generally responsible for unauthorized charges reported in a timely manner. The phone number to call is typically located on the back of the payment card.
For more information, go to hy-vee.com/protectingourcustomers.