Class action lawsuit filed against Hy-Vee over data breach

By  | 

CEDAR RAPIDS, Iowa (KCRG) - A class action has been filed in Illinois against Hy-Vee, Inc., following a massive data breach that impacted its gas stations, coffee shops and restaurants.

(Logo courtesy: Hy-Vee / MGN / Background image: Pexels)

Between December 14, 2018, and July 29, 2019, the company said malware accessed cards at fuel pumps for Hy-Vee gas stations and card payments at restaurants and drive-thru coffee shops between January 15, 2019, and July 29, 2019.

Hy-Vee announced the breach in August 2019 after it noticed unauthorized activity on some of our payment processing systems. On Oct. 3, Hy-vee shared additional details with customers about which locations and services were impacted.

The complaint filed in the Central Illinois District Court by a Pennsylvania-based law firm Tuesday says there was no way to avoid the incident due to "Hy-Vee’s inadequate data security measures despite the ever-growing threat of security breaches involving payment card systems."

Click or tap here to read the full complaint.

Even though Hy-Vee published information the risk of security breached, the claim also says the company did not take measures to help customers who may have been impacted, "choosing instead to spread out information about the breach over a series of months."

The lawsuit includes an expert who alleges more than 5 million customers were impacted and their information is for sale on the dark web. The company has not officially confirmed the number of debit and credit cards impacted.

In a statement to KCRG-TV9, Hy-Vee said "We do not comment on pending litigation."