After detecting unauthorized activity on some of their payment processing systems on July 29, 2019, West Des Moines-based Hy-Vee on Wednesday said malware accessed card information from some customers.
The breach impacts Hy-Vee fuel pumps from December 9, 2018 through July 29, 2019 and restaurants and coffee shops from January 15 though July 29. There are six locations where the malware may have impacted customers from November 9, 2018 through August 2, 2019.
According to the company, transactions made inside Hy-Vee grocery stores and gas stations were not affected and the breach did not impact their online service.
Hy-Vee found that locations across 18 Minnesota cities may have been impacted, including the Wahlburgers location at the Mall of American. The locations can be found by using the store locator.
Customers are reminded to review their payment card statements for any unauthorized activity. Additional steps may be taken here.