WEST DES MOINES, Iowa — Several Hy-Vee locations on both sides of the state line are involved in a data breach from earlier this summer.
The data breach was reported on Aug. 14 at some Hy-Vee fuel pumps, drive-thru coffee shops and restaurants. The breach began on Dec. 14, 2018 and lasted through July 29, 2019, with dates varying depending on location.
In a news release, the company said that an investigation by a cybersecurity firm revealed that the malware was designed t access data from cards used at those locations.
The malware searched for data including the cardholder’s name, the card number, expiration date and internal verification code.
There’s no indication that the breach impacted grocery store checkouts, the wine and spirit area, pharmacy, convenience stores or customer service counters.
Many Hy-Vee locations in the metro were impacted, including stores in Belton, Blue Springs, Gladstone, Independence, Kansas City, Lee’s Summit, Liberty and Raytown on the Missouri side.
Locations impacted in Kansas include Lawrence, Lenexa, Mission, Olathe, Overland Park and Shawnee.
Hy-Vee says they removed the malware, added new security measures and are cooperating with a law enforcement investigation.
For a full list of locations impacted, click here.