PEORIA, Ill. (Legal Newsline) – Residents from Illinois and Missouri have instituted a class action lawsuit against Hy-Vee after their debit cards were compromised in a data breach after making purchases at Hy-Vee gas stations and in-store restaurants.
According to the Oct. 15 filing in the U.S. District Court for the Central District of Illinois, plaintiffs Noreen Perdue, Dustin Murray and others filed the suit against the defendant Hy-Vee Inc. alleging negligence, breach of implied contract, violations of the Illinois Consumer Fraud Act and Deceptive Business Practices Act and Deceptive Trade Practices Act. They also allege violations of the Missouri Merchandising Practices Act and unjust enrichment.
The suit states the defendant detected the breach in July, but the window of the breach was from November 2018 to July. The plaintiffs allege the defendant did not publicly announce the breach until August and did not share additional details until Oct. 3.
"As a result of the data breach, millions of consumers have reportedly had their sensitive credit and debit card information exposed to fraudsters resulting from purchases made at Hy-Vee’s gas pumps, restaurants, and its drive-thru coffee shops," the plaintiffs alleged in their suit.
The plaintiffs also claim that even two months after the incident, Hy-Vee provided "little detail" regarding the data breach to customers and failed to follow the Federal Trade Commission's recommended guidelines prior to, during and after the data breach.
The plaintiffs seek injunctive and declaratory relief as well as monetary relief. The plaintiffs and class are represented by Katrina Carroll and Kyle Shamberg of Carlson Lynch LLP in Chicago; Benjamin Johns and Andrew Ferich of Chimicles Schwartz Kriner & Donaldson-Smith LLP in Haverford, Pennsylvania; and Cornelius Dukelow of Abington Cole + Ellery in Tulsa, Oklahoma.
U.S. District Court for the Central District of Illinois case number 1:19-cv-01330-MMM-JEH