Hy-Vee said it believes the breach does not affect payment card terminals used at its grocery store checkout lanes, pharmacies or convenience stores, as these systems rely on a security technology designed to defeat card-skimming malware.
According to two sources who asked not to be identified for this story, including one at a major US financial institution, the card data stolen from Hy-Vee is now being sold under the code name “Solar Energy,” at the infamous Joker’s Stash carding bazaar.
An ad at the Joker’s Stash carding site for “Solar Energy,” a batch of more than 5 million credit and debit cards sources say was stolen from customers of supermarket chain Hy-Vee. Hy-Vee said the company’s investigation is continuing.
The card account records sold by Joker’s Stash, known as “dumps,” apparently stolen from Hy-Vee are being sold for prices ranging from USD 17 to USD 35 apiece. Buyers typically receive a text file that includes all of their dumps. Those individual dumps records – when encoded onto a new magnetic stripe on virtually anything the size of a credit card – can be used to purchase stolen merchandise in big box stores.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now