The grocery chain seems to be moving towards a settlement Hy-Vee based in Iowa in order to arrange one data breach suffered.
As the investigation finally found, malware Designed to access and steal payment card data, it was installed in specific Hy-Vee fuel pumps as well as in drive-thru cafes.
The company's restaurants were also affected, including Hy-Vee Market Grilles, Hy-Vee Market Grille Expresses and Wahlburgers but also the cafeteria in the corporate office of the chain, West Des Moines.
Such as said Hy-Vee in October 2019, the times that were violated the card data used at these sites is different. However, the company stated that in general, fuel pumps were affected from December 14, 2018 to July 29, 2019, while drive-thru restaurants and cafes were affected from January 15, 2019 to July 29, 2019.
"There are six locations where access to card data may have already started as of November 9, 2018 and one site where access to card data may have continued until August 2, 2019"The company said.
However, the company is concerned that its stores in Illinois, Kansas, Missouri, Montana, Nebraska, South Dakota and Wisconsin were also affected by the breach. The data stolen during the attack included customer names, credit and debit card numbers, card expiration dates and verification codes.
In October and November 2019, lawsuits were filed for breach by many customers in Illinois, Missouri and Wisconsin whose data had been breached. These customers later cooperated and filed a complaint against Hy-Vee in late November 2019.
On January 12, a settlement was proposed that would allow those affected by the breach to file claims for damages, up to a maximum of $ 225. The plaintiffs referred to treatment will receive an additional $ 2.000.
According to the proposal, those of them customers have suffered more damage, if for example they have been charged for purchases they did not make, they can claim up to $ 5.000.