116 3rd St SE
Cedar Rapids, Iowa 52401
Home / Business
Data breach lawsuit advances against Hy-Vee
Apr. 23, 2020 5:04 pm, Updated: Apr. 23, 2020 5:52 pm
A federal judge has ordered a majority of claims brought against grocery chain Hy-Vee, made under an ongoing class-action lawsuit in connection with a cyber breach that compromised payment card data at numerous locations in eight states, can proceed.
In a Monday order, federal Judge Michael Mihm of the U.S. District Court for the Central District of Illinois rejected six claims in the lawsuit initially filed against the West Des Moines-based grocer in October.
The lawsuit alleges Hy-Vee failed to protect card data at its fuel pump, drive-through coffee shop and restaurant locations; waited seven weeks before sharing more information; and did not offer card monitoring services or fraud insurance.
Advertisement
The dismissed claims against Hy-Vee included counts of negligence, unjust enrichment and breach of third-party contract, plus alleged violations of some state statutes involving consumer fraud and data breach notification.
Hy-Vee said in August it had detected unauthorized activity at some of its payment processing systems, found to date back up to nine months at some locations.
The carding bazaar Joker's Stash reportedly listed Hy-Vee data from more than 5.3 million card accounts in 35 states for sale online, wrote Brian Krebs on his news website Krebs on Security.
A Hy-Vee spokeswoman declined to comment on the new case order, citing pending litigation.
Comments: (319) 398-8366; thomas.friestad@thegazette.com
The A class-adtion lawsuit says Hy-Vee failed to protect card data at its fuel pump, drive-through coffee shop and restaurant locations; waited seven weeks before sharing more information; and not offering card monitoring services or fraud insurance. (The Gazette)