Advertisement

Two Iowans added as plaintiffs in class action lawsuit over Hy-Vee’s data breach

  • 21
    Shares

Hy-Vee Gas, 1103 N Dodge St, Iowa City. — Emma McClatchey/Little Village

Two Iowans have been added as plaintiffs in a class action lawsuit filed by customers who had their credit and debit card information stolen after using their cards at certain Hy-Vee stores. The lawsuit was originally filed in October on behalf of two customers, one in Illinois and one in Missouri, affected by Hy-Vee’s eight-month-long data breach.

The amended complaint was filed in the U.S. District Court for the Central District of Illinois on Monday. Six more people have joined the original two plaintiffs in the lawsuit, which seeks compensation, damages and legal fees from the West Des Moines-based grocery store chain.

According to Monday’s filing, Melanie Savoie had her card information stolen after using “both her credit and debit card on several occasions at the Hy-Vee gas pump locations in Burlington, Iowa and Fort Madison, Iowa” during the data breach.

Cheryl Ellingson had her banking information compromised after she “used her debit card at a Hy-Vee-operated Wahlburgers restaurant located in West Des Moines” earlier this year.

Because Iowans have been added as plaintiffs, the lawsuit now alleges Hy-Vee violated the Iowa Consumer Fraud Act, and engaged in “unfair, deceptive, and unconscionable trade practices” by failing to provide adequate data security for all its customers, or warn them of the potential data security problems the chain had.

On Aug. 14, Hy-Vee issued a press release announcing it had discovered a data breach that affected customers who used debit and credit cards at its fuel pumps, drive-thru coffee shops and restaurants (Market Grilles, Market Grille Expresses and its Wahlburgers locations). No purchases at “our grocery stores, drugstores and inside our convenience stores” were at risk, the company explained, because those sales are processed using a different, more secure system.

Locations in all eight Midwestern states where the chain has its more than 240 stores were affected by the breach, which lasted between seven to eight months.

Card data stolen in the breach has been reported to be on sale at Joker’s Stash, a site that traffics in stolen card data.

Two months after it announced the data breech, Hy-Vee revealed the locations affected by it. According to Hy-Vee’s online data base eight locations that were infected by malware in Johnson County, and three in Linn County.

Johnson County

Iowa City

North Dodge Street Hy-Vee: Pay at the Pump, infected from Dec. 14, 2018 to July 29, 2019; Market Grille, infected from Jan. 15, 2019 to July 29, 2019.

Waterfront Hy-Vee: Pay at the Pump, infected from Dec. 14, 2018 to July 29, 2019; Market Grille, infected from Jan. 15, 2019 to July 29, 2019.

Eastside/1st Avenue Hy-Vee: Market Grille, infected from Jan. 15, 2019 to July 1, 2019
 

Coralville

Lantern Park Plaza Hy-Vee: Pay at the Pump, infected from Dec. 17, 2018 to July 29, 2019; Market Grille, infected from Jan. 15, 2019 to July 16, 2019

Crosspark Road Hy-Vee: Market Grille, infected from Jan. 15, 2019 to July 29, 2019
 

Linn County

Cedar Rapids

Wilson Avenue Hy-Vee: Pay at the Pump, infected Dec. 14, 2018 to July 29, 2019

Johnson Avenue Hy-Vee: Market Grille, infected Jan. 15, 2019 to July 29, 2019
 

Marion

Marion Hy-Vee: Pay at the Pump, infected Dec. 14, 2018 to July 29, 2019
 

Little Village reached out to Hy-Vee for comment when the lawsuit was originally filed.

“We do not comment on pending litigation,” Tina Potthoff, Hy-Vee’s senior vice president for communications, said in an email.

No court date has been set for the lawsuit yet. Hy-Vee has until Jan. 6 to response to the amended lawsuit.


  • 21
    Shares
Thoughts? Tips? A cute picture of a dog? Share them with LV » editor@littlevillagemag.com

Advertisement

The Iowa City Human Rights Commission needs you!

Apply Today

@ICHumanRights »

Advertisement

Summer Programs 2020

Get 150+ local restaurants delivered to your door in the Iowa City & Cedar Rapids areas!

The Future is Unwritten

You look to Little Village for today’s stories. Your sustaining support will help us write tomorrow’s.

Regular

$10/mo or $120/year
(AUTO-RENEW)
The cost of doing this work really adds up! Your contribution at this level will cover telephone and internet expenses for one month at the LV editorial offices.

Italic

$20/mo or $240/year
(AUTO-RENEW)
$240 is enough to cover one month’s costs for sending out our weekly entertainment newsletter, The Weekender. Make a contribution at this level to put a little more oomph on your support and your weekend.

Bold

$30/mo or $360/year
(AUTO-RENEW)
LittleVillageMag.com connects eastern Iowa culture with the world. Your contribution at this level will cover the site’s hosting costs for three months. A bold move for our boldest supporters!

All monthly and annual contributors receive:

  • Recognition on our Supporters page (aliases welcome)
  • Exclusive early access when we release new half-price gift cards
  • Access to a secret Facebook group where you can connect with other supporters and discuss the latest news and upcoming events (and maybe swap pet pics?) with the LV staff
  • Invitations to periodic publisher chats (held virtually for now) to meet with Matt and give him a piece of your mind, ask your burning questions and hear more about the future plans for Little Village, Bread & Butter Magazine, Witching Hour Festival and our other endeavors.

Coralville Public Library Online Summer Reading Programs

For ages 0-99+