DES MOINES, Iowa - An internet security researcher says millions of debit and credit cards being sold online were stolen in a data breach at Hy-Vee.
KrebsOnSecurity claims 5.3 million credit and debit accounts that appeared on a website known for selling stolen data were actually from Hy-Vee stores.
Earlier this month, Hy-Vee disclosed unusual activity involving transactions at its gas stations, coffee shops and restaurants.
The restaurants affected include Hy-Vee Market Grilles, Market Grille Expresses and Wahlburgers locations which are owned and operated by the company.
The West Des Moines based grocery chain hasn’t commented publicly about the researcher’s new claim, but said earlier that it eliminated the unusual activity.
It also said it was working with investigators and law enforcement on the issue, and noted the unusual transaction activity did not occur at its grocery and drug stores.
KrebsOnSecurity published a story Thursday saying its report is based on two anonymous sources, adding that the stolen data being sold online was going for $17.00-$35.00 for each credit or debit card.