CEDAR RAPIDS, Iowa (KCRG) – A multitude of millions of credit and debit cards sold online are attributed to information stolen in a data breach on certain Hy-Vee payment terminals, according to a report by an Internet security researcher.
(Logo courtesy: Hy-Vee / MGN / Wallpaper: Pexels)
KrebsOnSecurity, a website run by technology security writer Brian Krebs, on Thursday published a story claiming 5.3 million credits and debited. In fact, accounts from a total of 35 states that appeared on a site known for selling stolen card data were actually from Hy-Vee stores.
Krebs based his report on two anonymous sources, including one from a major financial institution.
Hy-Vee said that transactions in the major grocery stores, pharmacy locations or purchases made at the Hy-Vee Gas locations rather than at the pump were not affected by the data breach. The company also claimed it had solved the problem, but is still working with investigators and law enforcement on the problem.
Hy-Vee has not provided any other public statements on the matter since its first disclosure on August 14. The company sent the following statement to Des Moines-based TV station KCCI: "We are aware of payment processors and card networks' reports on payment data being offered for sale, and are working with payment card networks to identify the cards and partner with issuing banks to set up Krebs said information from the set of cards sold for between $ 17 to $ 35 each.
Hy-Vee recommends customers who are keen to pay close attention to bank statements and balances for unauthorized activity. If a customer notices something unexpected, they should contact their financial institution.