Skip to main content

Hy-Vee Hit with Lawsuit Over Data Breach

Hy-Vee Hit With Lawsuit Over Data Breach
Hy-Vee says cards may have been accessed between Dec. 14, 2018, to July 29, 2019

Hy-Vee Inc. is facing a lawsuit after a data breach that took place at some Hy-Vee fuel pumps, drive-thru coffee shops and restaurants in the past year. Pennsylvania law firm Chimicles Schwartz Kriner & Donaldson-Smith (CSK&D) has filed a class action complaint in the U.S. District Court for the Central District of Illinois against the grocer. 

"The data breach was the inevitable result of Hy-Vee’s inadequate data security measures despite the ever-growing threat of security breaches involving payment card systems," CSK&D said when describing the complaint. "Further, the company allegedly failed to take adequate measures to assist affected customers, choosing instead to spread out release of information over the course of a few months and shift the responsibility of dealing with any potential fraud onto its customers."

Hy-Vee notified customers of a data breach on Aug. 14, 2019. Then, in the wake of beefing up its security measures in October, Hy-Vee noted the time periods for when data from cards may have been accessed: Dec. 14, 2018, to July 29, 2019, for the fuel pumps and Jan. 15, 2019, to July 29, 2019, for the restaurants and drive-thru coffee shops. The grocer, however, says there are six locations that could have been accessed as early as Nov. 9, 2018, and lasting until Aug. 2, 2019.

A Hy-Vee spokesperson responded to Progressive Grocer saying, "We do not comment on pending litigation."

Employee-owned Hy-Vee operates more than 260 retail stores across eight Midwestern states.The company is No. 12 on Progressive Grocer’s 2019 Super 50 list of the top grocers in the United States.

This ad will auto-close in 10 seconds