WEST DES MOINES, Iowa — Hy-Vee says it is in the “earliest stages” of an investigation into whether payment card data was breached at some of its fuel pumps, drive-thru coffee shops and restaurants.
The grocer announced Wednesday it recently detected unauthorized activity at some of its payment processing systems and “immediately” began an investigation with assistance from leading cybersecurity firms.
Company officials also alerted federal law enforcement and the payment card networks, the company said in a news release.
Hy-Vee said it believes its actions have stopped the unauthorized activity on its payment processing systems.
The company’s systems for the fuel pumps, coffee shops and restaurants — including Market Grilles, Market Grille Expresses and Wahlburgers locations — lack the encryption technology that renders card data unreadable at its grocery stores, drugstores and convenience stores, which are not believed to be involved in the potential breach.
Transactions processed through Aisles Online, Hy-Vee’s online grocery ordering platform, also are not involved, the company said.
Hy-Vee did not indicate specific time frames or locations Wednesday but said it will notify customers once further details emerge.
The company is based in West Des Moines and operates more than 240 retail stores in eight Midwestern states: Illinois, Iowa, Kansas, Minnesota, Missouri, Nebraska, South Dakota and Wisconsin.
HyVee has stores at 675 S. Whitney Way and 3801 E. Washington Ave. in Madison, and 2920 Fitchrona Road in Fitchburg.