A settlement has been reached in a class action lawsuit surrounding the Hy-Vee data breach that allowed hackers to steal credit card details for months starting in 2018.
U.S. District Judge Michael Mihm approved the preliminary deal Tuesday, marking an end to the legal fight to hold the Iowa-based chain of grocery stores and restaurants accountable.
Judge Mihm said in his decision to approve the Hy-Vee data breach settlement the case had merit but put limits on the monetary amounts and excluded claims of emotional distress or injury.
The proposed settlement will be capped at $225 per Class Member for bank fees related to the Hy-Vee data breach.
A claim of up to $5,000 is permitted for Class Members who experienced “extraordinary expenses” and can show proof of those expenses, according to the settlement deal.
Class Members are entitled to unpaid postage, as well as interest on payday loans due to card cancelation or an “over-limit situation.” If they spent time dealing with banks in relation to to the Hy-Vee data breach, consumers can also be compensated for time, at a rate of $20 an hour for up to three hours, according to the settlement.
Furthermore, the deal requires claimants to “exhaust all credit monitoring insurance and identity theft insurance, before Hy-Vee is responsible for any expenses.”
The Hy-Vee data breach began in 2018 when some of the store’s point-of-sale systems were infected with malware, according to the initial complaint.
Plaintiffs Noreen Perdue and Dustin Murray, who filed their class action lawsuit in 2019, alleged more than 5 million cardholders were affected by the Hy-Vee data breach.
Hackers were able to steal account numbers from credit cards swiped at six Hy-Vee locations, including gas pumps, coffee drive-thrus and three of its restaurants, according to a company alert.
A spokesman for Hy-Vee told the Des Moines Register the company was unable to identify specifically where the breaches occurred.
By August 2019, analysts monitoring hackers said 5.3 million accounts held by people from 35 states coming from the Hy-Vee data breach were being sold for $17 to $35 a piece on the dark web, cybersecurity expert Brian Krebs wrote in a blog post.
“Just remember that while consumers are not liable for fraudulent charges, it may still fall to you the consumer to spot and report any suspicious charges,” Krebs wrote.
Do you shop at Hy-Vee stores? How concerned are you about incidents like the Hy-Vee data breach? Let us know in the comments below.
Counsel representing the plaintiffs in the Hy-Vee data breach class action lawsuit are Katrina Carroll, Kyle Shamberg of Carlson Lynch LLP; Benjamin F. Johns, Andrew W. Ferich of Chimicles Schwartz Kriner & Donaldson-Smith LLP; and Cornelius P. Dukelow of Abington Cole + Ellery.
The Hy-Vee Data Breach Class Action Lawsuit is Perdue, et al. v. Hy-vee, Inc., Case No. 1:19-cv-01330, in the U.S. District Court for the Central District of Illinois, Peoria Division.
Read About More Class Action Lawsuits & Class Action Settlements:
NEC lawsuit: Families take action against Enfamil and Similac baby formula makers
September 10, 2025 | Legal News
9 thoughts onJudge OKs Hy-Vee Data Breach Class Action Lawsuit Settlement
Please add me. I was impacted by my credit rating falling drastically. i have had nothing but trouble keeping my cards safe so i believe someone is still messing with my account.
add me in
add me in
Please add me
Add me
Please add me
Please add me
Please add me.
add me in