Advertisement

Two Iowans added as plaintiffs in class action lawsuit over Hy-Vee’s data breach

  • 21
    Shares

Hy-Vee Gas, 1103 N Dodge St, Iowa City. — Emma McClatchey/Little Village

Two Iowans have been added as plaintiffs in a class action lawsuit filed by customers who had their credit and debit card information stolen after using their cards at certain Hy-Vee stores. The lawsuit was originally filed in October on behalf of two customers, one in Illinois and one in Missouri, affected by Hy-Vee’s eight-month-long data breach.

The amended complaint was filed in the U.S. District Court for the Central District of Illinois on Monday. Six more people have joined the original two plaintiffs in the lawsuit, which seeks compensation, damages and legal fees from the West Des Moines-based grocery store chain.

According to Monday’s filing, Melanie Savoie had her card information stolen after using “both her credit and debit card on several occasions at the Hy-Vee gas pump locations in Burlington, Iowa and Fort Madison, Iowa” during the data breach.

Cheryl Ellingson had her banking information compromised after she “used her debit card at a Hy-Vee-operated Wahlburgers restaurant located in West Des Moines” earlier this year.

Because Iowans have been added as plaintiffs, the lawsuit now alleges Hy-Vee violated the Iowa Consumer Fraud Act, and engaged in “unfair, deceptive, and unconscionable trade practices” by failing to provide adequate data security for all its customers, or warn them of the potential data security problems the chain had.

On Aug. 14, Hy-Vee issued a press release announcing it had discovered a data breach that affected customers who used debit and credit cards at its fuel pumps, drive-thru coffee shops and restaurants (Market Grilles, Market Grille Expresses and its Wahlburgers locations). No purchases at “our grocery stores, drugstores and inside our convenience stores” were at risk, the company explained, because those sales are processed using a different, more secure system.

Locations in all eight Midwestern states where the chain has its more than 240 stores were affected by the breach, which lasted between seven to eight months.

Card data stolen in the breach has been reported to be on sale at Joker’s Stash, a site that traffics in stolen card data.

Two months after it announced the data breech, Hy-Vee revealed the locations affected by it. According to Hy-Vee’s online data base eight locations that were infected by malware in Johnson County, and three in Linn County.

Johnson County

Iowa City

North Dodge Street Hy-Vee: Pay at the Pump, infected from Dec. 14, 2018 to July 29, 2019; Market Grille, infected from Jan. 15, 2019 to July 29, 2019.

Waterfront Hy-Vee: Pay at the Pump, infected from Dec. 14, 2018 to July 29, 2019; Market Grille, infected from Jan. 15, 2019 to July 29, 2019.

Eastside/1st Avenue Hy-Vee: Market Grille, infected from Jan. 15, 2019 to July 1, 2019
 

Coralville

Lantern Park Plaza Hy-Vee: Pay at the Pump, infected from Dec. 17, 2018 to July 29, 2019; Market Grille, infected from Jan. 15, 2019 to July 16, 2019

Crosspark Road Hy-Vee: Market Grille, infected from Jan. 15, 2019 to July 29, 2019
 

Linn County

Cedar Rapids

Wilson Avenue Hy-Vee: Pay at the Pump, infected Dec. 14, 2018 to July 29, 2019

Johnson Avenue Hy-Vee: Market Grille, infected Jan. 15, 2019 to July 29, 2019
 

Marion

Marion Hy-Vee: Pay at the Pump, infected Dec. 14, 2018 to July 29, 2019
 

Little Village reached out to Hy-Vee for comment when the lawsuit was originally filed.

“We do not comment on pending litigation,” Tina Potthoff, Hy-Vee’s senior vice president for communications, said in an email.

No court date has been set for the lawsuit yet. Hy-Vee has until Jan. 6 to response to the amended lawsuit.


  • 21
    Shares

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisement

A collaboration between The Englert Theatre and FilmScene

STRENGTHEN
GROW•EVOLVE

Help us build the greatest small city for the arts in America—right here in Iowa City. Learn more »

Donate Today

Strengthen • Grow • Evolve is a collaborative campaign led by two Iowa City-based arts nonprofits, The Englert Theatre and FilmScene that seeks a major reinvestment to strengthen the arts through modern and historic venues, innovative programming, and new models of collaboration.

For 18 years...

Little Village has been telling the truth and changing our little corner of the world.

If you can, help us head into the next 18 years even stronger with a one-time or monthly contribution of $18, or any amount you choose.

Little Village
2019 Give Guide

Get to know some of the nonprofits helping to make the CRANDIC a better place to live.