East Coast convenience store chain Wawa reported a breach of its credit card machines on December 19th. It is now believed that the stolen data is for sale on the dark web.
The Pennsylvania-based retail chain discovered the attack on December 10th and had it contained by December 12th, but Wawa says the malware started on March 4th, meaning hackers had been collecting credit card information for nine months. The breach exposed the credit card number, the expiration date, and the cardholder’s name. Wawa says the breach did not expose PIN numbers or CVV codes (the three numbers on the back of the card).
At the end of January, a hacker on the dark web announced that a stash of 30 million credit cards would be available for sale. Experts believe most of this credit card data is from the Wawa breach. This hacker is well known for selling credit card data and is releasing only small batches at a time, so as not to flood the black market.
Gas station scanner hacking is on the rise. Visa released a report with its findings on two recent gas station point of sale attacks. Visa found the hackers gained access through a phishing campaign and installed malware on the gas station network. Once the hackers had access, they could move laterally over the network to access credit card information. Visa cites retailers’ slow move toward chip or other more secure systems as the greatest reason for these attacks on gas station point of sale systems.
“…as long as the magnetic stripe readers are in place, fuel dispenser merchants are becoming an increasingly attractive target for advanced threat actors with an interest in compromising merchant networks to obtain this payment card data.”
Wawa has teamed up with Experian to offer identity protection to potentially impacted customers.
Steps you can take if you believe your credit card number was compromised:
- If you shopped at a Wawa retail location between March 4th, 2019 and December 12th, 2019, review your credit card statements for any unauthorized charges.
- Read the security statement from Wawa here.
- Now that we know the credit card information is being sold, it may be a good time to request a new card from your card issuer to head off any future issues.
At Quanexus, data security is our highest priority for our clients. Is your business in a position where you are questioning the security of your data? Give us a call today to talk through your needs and how we may be of service.