Hy-Vee releases information on stores hit by data breach

A data breach Hy-Vee grocery stores reported this summer affected customers at two Columbia locations and in Jefferson City and Osage Beach.

The company on Thursday released more information about the breach that it initially reported in mid-August. The release Thursday included a list of affected stores. Malware meant to access card data was used at the following Hy-Vee stores during the following dates:

Jan. 15-July 17 at the Market Grille inside the Hy-Vee store at 3100 W. Broadway
Nov. 9-July 17 at the Market Grille at 25 Conley Road
Dec. 14-July 28 at the Hy-Vee gas station at 3120 W. Broadway
Dec. 14-July 29 at the gas station at 25 Conley Road
Dec. 14-July 22 at the gas station at 3723 W. Truman Blvd.
Jan. 15-July 29 at the Market Grille in Osage Beach
Dec. 14-July 29 at the gas station in Osage Beach

Only pay-at-the-pump transactions at gas stations were affected.

The company said the malware did not copy all data from transactions at those points of sale during those dates and that a Hy-Vee investigation showed no indication that other customer information was accessed.

Hy-Vee set up a website with more information about its findings and information about how customers can protect themselves.

Transactions at store checkout lanes, inside convenience stores, at pharmacies, at customer service counters, in alcohol departments, in floral departments, in clinics and in other food service areas were not affected. Online transactions also were unaffected, the company said.

Hy-Vee said it is looking at ways to enhance its security.

Sign up for email news alerts by clicking here

Copyright 2019 KMIZ