Hy-Vee Supermarket breach led to sale of 5 mln card details

Tuesday 27 August 2019 10:22 CET | News

Sources from the Hy-Vee Supermarket breach story, including one at a major US financial institution, has informed the card data stolen from Hy-Vee is currently being sold.

Hy-Vee said it believes the breach does not affect payment card terminals used at its grocery store checkout lanes, pharmacies or convenience stores, as these systems rely on a security technology designed to defeat card-skimming malware.

According to two sources who asked not to be identified for this story, including one at a major US financial institution, the card data stolen from Hy-Vee is now being sold under the code name “Solar Energy,” at the infamous Joker’s Stash carding bazaar.

An ad at the Joker’s Stash carding site for “Solar Energy,” a batch of more than 5 million credit and debit cards sources say was stolen from customers of supermarket chain Hy-Vee. Hy-Vee said the company’s investigation is continuing.

The card account records sold by Joker’s Stash, known as “dumps,” apparently stolen from Hy-Vee are being sold for prices ranging from USD 17 to USD 35 apiece. Buyers typically receive a text file that includes all of their dumps. Those individual dumps records – when encoded onto a new magnetic stripe on virtually anything the size of a credit card – can be used to purchase stolen merchandise in big box stores.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Hy-Vee Supermarket, data breach, dark web
Countries: World