Possible Cyber Thief ID’d in Hy-Vee Data Breach

Customer credit card information stolen during the Hy-Vee data breach revealed by the retailer on Aug. 14 has begun appearing on the underground store Joker’s Stash under the code name Solar Energy, according to a report on Krebsonsecurity.com. The 5.3 million new accounts being sold for $17 to $35 are from 35 states.

“We are aware of reports from payment processors and the card networks of payment data being offered for sale and are working with the payment card networks so that they can identify the cards and work with issuing banks to initiate heightened monitoring on accounts,” Hy-Vee spokesperson Tina Potthoff told Krebsonsecurity.com.

The customer data was taken during a breach of Hy-Vee’s fuel pumps, drive-thru coffee shops and restaurants, including Market Grilles, Market Grille Expresses and the Wahlburgers locations that Hy-Vee owns and operates. The registers within the grocery, convenience and drugstores were not compromised as they operate a different POS system that uses point-to-point encryption technology for processing payment card transactions, making data unreadable to malicious software that is used to skim customer information.

“Based on our preliminary investigation, we believe payment card transactions that were swiped or inserted on these systems, which are utilized at our front-end checkout lanes, pharmacies, customer service counters, wine and spirits locations, floral departments, clinics and all other foodservice areas, as well as transactions processed through Aisles Online, are not involved,” Hy-Vee noted in a statement on its website.