Hy-Vee investigating possible theft of customer credit card information

Hy-Vee announced on Wednesday it is investigating a suspected data breach after “recently detecting unauthorized activity on some of our payment processing systems.”

“Our investigation is focused on card transactions at our fuel pumps, drive-thru coffee shops, and restaurants (which include our Market Grilles, Market Grille Expresses and the Wahlburgers locations that Hy-Vee owns and operates),” the company said in a written statement. “These locations have different point-of-sale systems than those located at our grocery stores, drugstores and inside our convenience stores, which utilize point-to-point encryption technology for processing payment card transactions.”

Hy-Vee said it currently doesn’t believe transactions made using point-to-point encryption — including purchases made at their supermarket registers — are involved.

In a point-to-point encryption system, payment card data is encrypted inside a card reader, as soon as customers insert or swipe their cards. That encrypted information can only be read by the bank that issued the card, and not by the store where the sale is made or by anyone accessing the store’s computers.

The Iowa-based supermarket chain, which has more than 245 stores in eight Midwestern states, said, “We believe the actions we have taken have stopped the unauthorized activity,” but did not provide any information on where or when that activity occurred.

Hy-Vee said it has informed “federal law enforcement and the payment card networks” about the unauthorized activity.

In its statement, the company said it recommends that customers monitor their credit card and bank statements for suspect activity.