A federal judge has ordered a majority of claims brought against grocery chain Hy-Vee, made under an ongoing class-action lawsuit in connection with a cyber breach that compromised payment card data at numerous locations in eight states, can proceed.
In a Monday order, federal Judge Michael Mihm of the U.S. District Court for the Central District of Illinois rejected six claims in the lawsuit initially filed against the West Des Moines-based grocer in October.
The lawsuit alleges Hy-Vee failed to protect card data at its fuel pump, drive-through coffee shop and restaurant locations; waited seven weeks before sharing more information; and did not offer card monitoring services or fraud insurance.
The dismissed claims against Hy-Vee included counts of negligence, unjust enrichment and breach of third-party contract, plus alleged violations of some state statutes involving consumer fraud and data breach notification.
Hy-Vee said in August it had detected unauthorized activity at some of its payment processing systems, found to date back up to nine months at some locations.
A Hy-Vee spokeswoman declined to comment on the new case order, citing pending litigation.
Comments: (319) 398-8366; firstname.lastname@example.org