Breach Brief, HyVee, State Farm, Choice Hotels

Published On August 28, 2019 | By Tom Huskerson | Breach Briefs

Hy-Vee Markets

Hy-Vee Markets warned customers last week after staff discovered a security breach on some of its point-of-sale (PoS) systems. The chain operates 248 stores throughout the midwest.

According to the company card transactions at Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants (Market Grilles, Market Grille Expresses, and Wahlburgers) may have been recorded by hackers. The store has advised custmers that point of sale card readers at Hy-Vee grocery stores, drugstores, and convenience stores have not been impacted by the breach.

Although it is not know who carried out the hack the card numbers and customer data has begun to show up on the dark web.

According to 5.3 million accounts have appeard for sale on the underground website Joker’s Stash. The accounts belong to cardholders in 35 states and are being sold for beween $17 and $35 each.

A Hy-Vee spokesperson said the company is aware that customer data is for sale on the dark web and “is working with the payment card networks so that they can identify the cards and work with issuing banks to initiate heightened monitoring on accounts.”

Consumers are urged to keep an eye on bank and card accounts and credit reports.

Focus Brands

Atlanta based Focus Brands, owners of Moe’s Southwest Grill, Schlotzsky’s and McAllister’s Deli restaurants reported a data breach. According to a company spokesperson the investigation “is focused on transactions that occurred from April 2019 into July 2019.”

Focus Brands also owns Auntie Anne’s, Carvel, Cinnabon and Jamba Juice, but the compnay has said the breach does involve those chains.

The company has not said which restaurant locations the breach is tied to nor how many customer may have been affected, only that the investigation is ongoing.

Choice Hotels

Choice Hotels has been hit by a massive data breach of information from guests who stayed at Choice Hotels and its subsidiaries. Choice Hotels operates 14 different hotel brands that include Comfort, Sleep Inn, Quality Inn, Clarion, EconoLodge and Rodeway Inn. The data breach may impact as many as 700,000 Choice Hotel Customers. reported that the Choice Hotels data breach resulted from hackers discovering an unsecured database containing 5.7 million Choice Hotel records. The database contained names, email addresses and phone numbers of former guests. Choice Hotels claims most of the data was “test data.” However, the database was left unprotected online for four days before being discovered by a security team.

Hackers who found the unsecured database left a ransom note demanding a Bitcoin payments of .4b or $4,000 claiming the database had been downloaded. Choice Hotel owners said the ransom demand was “not successful.”

Choice Hotels says it’s continuing to investigate the data leak and will no longer be working with the vendor who hosted its data.

State Farm

The nation’s largest property and casualty insurance provider has been compromised in a credential stuffing attack. State Farm Insurance filed a data breach notification with the California Attorney General on Wednesday, Aug. 7

Credential stuffing is an attack where hackers obtain usernames and passwords that were leaked from a previous data breach attack and use those credentials to log-in to other accounts and sites. This type of attack works against people who use the same password across multiple websites.

State Farm admitted the data compromise in a “Notice of Data Breach” email. The company stated the attacker did get customer usernames and passwords of some policyholders’ accounts. But reported that no personally identifiable information was viewable, and no fraud was detected. It is unknown if the attacker was able to log into the accounts.

State Farm has notified all account holders affected and reset all passwords for the accounts whose credentials were breached by the hacker.

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Comments are closed.