Hy-Vee is the latest in a long line of companies to suffer a financial data breach, potentially subjecting customers to fraudulent transactions and identity theft.
In a statement, the Midwest-based company said at least some of its stores were impacted by a “security incident.” The severity of the event is unknown, and the company has not said how many people were affected. Hy-Vee operates 245 stores in eight states.
There is a silver lining with financial data crimes, said a member of a cybercrime task force. The impact can be somewhat self-policed, unlike other crimes.
“I think for your average consumer, the best thing you can do is keep on top of your finances,” said Jason Phelps, a Platte County Sheriff’s Office investigator.
If you do happen to notice a suspicious charge, Phelps said the first step might not be to run to the police station.
“If you discover a discrepancy, contact that financial institution and start a process with them,” he said. “And many times they do say, ‘Well we need a police report,’ and they should be able to tell you how to go about doing that.”
In its statement about the breach, Hy-Vee said, “cardholders are not generally responsible for unauthorized charges reported in a timely manner.”
Hy-Vee also said its grocery stores weren’t hit, but rather the gas stations and restaurants, which use a different point-of-sale system.
The company is far from alone in dealing with data breaches. In 2013, Target reported a hack that impacted over 40 million customers. Just a few weeks ago, Capital One was also the target of a large attack. The St. Jo Frontier Casino, Sonic and Ameritas also have been hacked at various times.
But it’s not just outside attacks. The practice of “skimming” has become more popular in recent years. According to the FBI, skimming involves placing a physical device onto the usual device that reads credit and debit cards. When you swipe, thieves can then read that data.
“The internet is famous for being anonymous, anyone can get on there and call themselves anything,” Phelps said. “So the trouble we have (in law enforcement) is being able to identify who might be doing the crime.”
This story has been updated to clarify to severity of Hy-Vee's breach.