Hy-Vee Releases New Information About Recent Malware Issue
West Des Moines, IA - (KROC-AM News) - Hy-Vee has released an update on the malware issue it first revealed in August and it shows four sites in Rochester are among those that were affected.
Hy-Vee says it was determined the malware affected point-of-sale devices at some of its fuel pumps, drive-thru coffee shops, and restaurants.
The affected sites in Rochester area: Market Grille restaurants at Hy-Vee stores on W. Circle Dr. and 37th St NW and the pay-at-the-pump readers at both gas stations.
The malware searched for track data (which sometimes has the cardholder name in addition to card number, expiration date, and internal verification code) read from a payment card as it was being routed through the POS device. However, for some locations, the malware was not present on all POS devices at the location, and it appears that the malware did not copy data from all of the payment cards used during the period that it was present on a given POS device. There is no indication that other customer information was accessed.
The specific timeframes when data from cards used at these locations involved may have been accessed vary by location over the general timeframe beginning December 14, 2018, to July 29, 2019, for fuel pumps and beginning January 15, 2019, to July 29, 2019, for restaurants and drive-thru coffee shops. There are six locations where access to card data may have started as early as November 9, 2018, and one location where access to card data may have continued through August 2, 2019.
A list of the locations involved and specific timeframes is available here. The site also provides information about the incident and additional steps customers may take.
For those customers Hy-Vee can identify as having used their card at a location involved during that location's specific timeframe and for whom Hy-Vee has a mailing address or email address, Hy-Vee will be mailing them a letter or sending them an email.
Payment card transactions were not involved at our front-end checkout lanes; inside convenience stores; pharmacies; customer service counters; wine & spirits locations; floral departments; clinics; and all other food service areas which utilize point-to-point encryption technology, as well as transactions processed through Aisles Online.