Mason City Hy-Vee Gas location impacted by point-of-sale malware incident

WEST DES MOINES — The Mason City Hy-Vee Gas location is one of several of the locations where the grocery store company says a “security incident” may have affected some customer’s payment information.

Hy-Vee back in mid-August said they detected “unauthorized activity” in payments made at Hy-Vee fuel pumps, drive-through coffee shops and company-operated restaurants. Hy-Vee now says that their investigation identified the operation of malware designed to access payment card data from cards used on “point-of-sale” devices at those locations.

The malware searched for track data ready from a payment card as it was being routed through the “point-of-sale” device. They say the malware was not present on all devices at the location and it appears the malware did not copy data from all of the payment cards used during the period it was present on a given “point-of-sale” device. They say there’s no indication that other customer information was accessed.

Hy-Vee says the specific timeframes when data from cards was accessed vary by location over the general timeframe of December 14th of last year to July 29th of this year. Hy-Vee says for customers they can identify as having used their card at a location involved during that location’s specific timeframe and for whom Hy-Vee has a mailing address or e-mail address, they will be mailing them a letter or e-mail.

Hy-Vee says it’s always advisable for customers to review their payment card statements for any unauthorized activity and immediately report any unauthorized charges to their card issuer.

Click here for more information from Hy-Vee about the incident, including a search tool that shows all the locations impacted by this incident.