A class-action lawsuit has been filed against Hy-Vee, following a massive data breach that impacted its gas stations, coffee shops, and restaurants.

Between the dates of December 4th, 2018 and July 29th, 2019 malware accessed cards at Hy-Vee fuel pumps and card payments at restaurants and coffee shops. The company announced that breach in August of 2019 after noticing suspicious activity on their payment processing systems. Hy-Vee then shared information about what services had been impacted with the public on October 3rd.

The complaint was filed in Central Illinois District Court. It claims there was no way to avoid the incident due to Hy-Vee's inadequate data security system. And even though Hy-Vee published information about what was breached, the lawsuit claims that it didn't do enough to help customers who had been affected. It goes on to allege that over 5 million people were impacted by the breach and that their information is for sale on the dark web.

Hy-Vee stated yesterday that they "do not comment on pending litigation." 

 

[via KCRG]