WEST DES MOINES, Iowa - Hy-Vee stores is settling a lawsuit over data breaches of it credit and debit card readers.
Hy-Vee will pay victims of the breach $225 to cover their costs, while the people suing the store will get $5,000 each.
The breach took place in 2018 and 2019 when malware infected card readers at Hy-Vee gas pumps and drive-thru coffee shops as well as its Market Grille and Wahlburgers stores.
Hy-Vee grocery stores were not affected by the breach.
The malware stole customer names as well as their credit and debit card numbers and card expiration dates and verification codes
The settlement also requires Hy-Vee to spend millions of dollars to beef up its data security system and provide employee training on data security.
A number of Hy-Vee customers in Illinois, Wisconsin and Missouri filed separate lawsuits in 2019, which were subsequently combined into a class action lawsuit.
Plaintiffs in the lawsuit will get 727,000 to cover attorneys fee and an additional $2,000 each.
A court still has to approve the settlement before it can go into effect.