Kansas City area Hy-Vee locations involved in August data breach

Hy-Vee sign picture
This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

WEST DES MOINES, Iowa — Several Hy-Vee locations on both sides of the state line are involved in a data breach from earlier this summer.

The data breach was reported on Aug. 14 at some Hy-Vee fuel pumps, drive-thru coffee shops and restaurants. The breach began on Dec. 14, 2018 and lasted through July 29, 2019, with dates varying depending on location.

In a news release, the company said that an investigation by a cybersecurity firm revealed that the malware was designed t access data from cards used at those locations.

The malware searched for data including the cardholder’s name, the card number, expiration date and internal verification code.

There’s no indication that the breach impacted grocery store checkouts, the wine and spirit area, pharmacy, convenience stores or customer service counters.

Many Hy-Vee locations in the metro were impacted, including stores in  Belton, Blue Springs, Gladstone, Independence, Kansas City, Lee’s Summit,  Liberty and Raytown on the Missouri side.

Locations impacted in Kansas include Lawrence, Lenexa, Mission, Olathe, Overland Park and Shawnee.

Hy-Vee says they removed the malware, added new security measures and are cooperating with a law enforcement investigation.

For a full list of locations impacted, click here.

Tracking Coronavirus

More Tracking Coronavirus



More News