DES MOINES, Iowa (AP) — Iowa-based Hy-Vee says it's aware of reports that hacked customer account information is being sold online.
The Des Moines Register was the first to report that credit and debit card information of some Hy-Vee customers is being sold on an internet site for $17 to $35 apiece.
Hy-Vee issued a statement to Des Moines station KCCI saying it is aware of reports of the stolen information being sold and is working with payment card networks to identify the cards and work with issuing banks.
Hy-Vee acknowledged earlier this month that it detected unauthorized activity on some of its payment processing systems linked to card payments at Hy-Vee restaurants, fuel pumps and drive-thru coffee shops. The company doesn't believe the breach extended to payments systems used inside its grocery stores, drugstores and convenience stores.
Hy-Vee operates more than 240 retail stores across Illinois, Iowa, Kansas, Minnesota, Missouri, Nebraska, South Dakota and Wisconsin.