MARYVILLE, Mo. — In a news release made available Oct. 3 on the company’s website, Hy-Vee has confirmed that the fuel pumps at the Maryville Hy-Vee Gas station were part of a data breach that affected fuel pumps, drive-thru coffee shops and restaurants at several Hy-Vee locations.
The fuel pumps are the only points of sale at the Maryville location that may be under concern.
“After detecting unauthorized activity on some of our payment processing systems on July 29, 2019, we immediately began an investigation and leading cybersecurity firms were engaged to assist. We also notified federal law enforcement and the payment card networks,” according to the release.
The release stated that malware designed to access payment card data from cards used on point-of-sale devices was detected.
The specific timeframes when data may have been accessed vary by location, but according to the release, data from the Maryville Hy-Vee Gas fuel pumps may have been breached anywhere from Dec. 14, 2018 to July 29, 2019.
According to the release, for customers Hy-Vee can identify as having used their card at a location involved during that location's specific timeframe and for whom Hy-Vee has a mailing or email address, Hy-Vee will be mailing them a letter or sending them an email.
The company stated in the release that during the investigation, the malware was removed and enhanced security measures were implemented. The company is continuing to work with cybersecurity experts to evaluate additional ways to enhance the security of payment card data.
“In addition, we continue to support law enforcement’s investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.”
The company suggests that it is always advisable to review payment card statements for unauthorized activity.
Anyone suspecting they may have been part of the data breach is encouraged to report any unauthorized charges to their card issuer.
In general, payment card rules provide that cardholders are not responsible for unauthorized charges reported in a timely manner.