Earlier this week, US supermarket chain, Hy-Vee announced that a data breach may be affecting payment processing systems at certain points of sale.
Among facilities thought to be impacted by the breach are the supermarket’s fuel pumps and drive-through coffee shops. Market Grilles, Market Grill Express and Hy-Vee’s Wahlburgers are among restaurants that could be affected.
Representatives of Hy-Vee have said it is too early to tell how many consumers’ private details have been caught up in the breach. It is also not yet known when the breach may have taken place, or when payment card data was exposed.
Upon discovering the unauthorised activity, Hy-Vee sent notification to federal law agencies and credit card companies.
In a statement, Hy-Vee said:
“Our investigation is focused on card transactions at our fuel pumps, drive-thru coffee shops, and restaurants.
“These locations have different point-of-sale systems than those located at our grocery stores, drugstores and inside our convenience stores, which utilize point-to-point encryption technology for processing payment card transactions.”
“We believe the actions we have taken have stopped the unauthorized activity on our payment systems.”
The company has said that terminals used at grocery store checkouts, chemists, customer service counters, drinks stores, floral departments and other food service areas have not been impacted by the data breach.
Customers have been advised to check their financial records for any trace of suspicious activity.
Hy-Vee has said it will “provide notification to our customers as we get further clarity about the specific timeframes and locations that may have been involved.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/