Wawa is an American company and chain of convenience stores and gas stations located along the East Coast of the United States.
Around 30 million of customers Credit Cards data is available to sell on the Dark Web.
The card detail selling price is $17 for US-issued cards and $210 per card for International cards.
Last month, Wawa disclosed security breach officially, and the company admitted that the cyber criminals hacked into their payment systems with malware, and they grab credit card details of all Wawa customers, which used to buy at their store.
Wawa CEO Chris Gheysens said, “Our information security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019. This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained. At this time, we believe this malware no longer poses a risk to Wawa customers using payment cards at Wawa, and this malware never posed a risk to our ATM cash machines.”
What Happened?
“Based on our investigation to date, we understand that at different points in time after March 4, 2019, malware began running on in-store payment processing systems at potentially all Wawa locations. Although the dates may vary and some Wawa locations may not have been affected at all, this malware was present on most store systems by approximately April 22, 2019, Gheysens said.”
“Our information security team identified this malware on December 10, 2019, and by December 12, 2019, they had blocked and contained this malware. We also immediately initiated an investigation, notified law enforcement and payment card companies, and engaged a leading external forensics firm to support our response efforts. Because of the immediate steps we took after discovering this malware, we believe that as of December 12, 2019, this malware no longer poses a risk to customers using payment cards at Wawa.”
According to the Cyber intelligence company Gemini advisory.
- The point of compromise for BIGBADABOOM-III is Wawa, an East Coast-based convenience store and gas station. The company first discovered the breach on December 10, 2019.
- Since the breach may have affected over 850 stores and potentially exposed 30 million sets of payment records, it ranks among the largest payment card breaches of 2019, and of all time.
- The Joker’s Stash marketplace, one of the largest and most notorious dark web marketplaces for buying stolen payment card data, began uploading records from its latest major breach on January 27. The breach was titled “BIGBADABOOM-III.”
The Joker’s Stash marketplace, one of the largest and most notorious dark web marketplaces for buying stolen payment card data, has advertised its next major breach since December 2019. The shop’s administrator, “JokerStash,” announced that it would include US, European, and global cards purportedly including geolocation data listing the cardholder’s state, city, and ZIP Code.
The latest advertisement claimed that the cards would go live on January 27, 2020 at 11:00 PM EST. The full collection would include 30 million US records across more than 40 states, as well as over one million non-US records from more than 100 different countries.
According to Press Release by Wawa,
“Wawa, PA (January 28, 2020) – Today, we became aware of reports of criminal attempts to sell some customer payment card information potentially involved in the previous Data Security Incident announced by Wawa on December 19, 2019. We have alerted our payment card processor, payment card brands, and card issuers to heighten fraud monitoring activities to help further protect any customer information. We continue to work closely with federal law enforcement in connection with their ongoing investigation to determine the scope of the disclosure of Wawa-specific customer payment card data.”
“We continue to encourage our customers to remain vigilant in reviewing charges on their payment card statements and to promptly report any unauthorized use to the bank or financial institution that issued their payment card by calling the number on the back of the card. Under federal law and card company rules, customers who notify their payment card issuer in a timely manner of fraudulent charges will not be responsible for those charges. In the unlikely event any individual customer who has promptly notified their card issuer of fraudulent charges related to this incident is not reimbursed, Wawa will work with them to reimburse them for those charges.”
“Wawa remains focused on providing resources and support to our customers who may be impacted by this incident. We remind customers to sign up for the credit monitoring and identity theft protection we are offering free of charge by visiting our website (www.wawa.com/alerts/data-security) or by contacting our dedicated toll-free call center (1-844-386-9559).”
“We remain confident that the malware we discovered on December 10 was contained by December 12 and since that time has not posed a risk to our customers. We also remain confident that only payment card information was involved, and that no debit card PIN numbers, credit card CVV2 numbers or other personal information were involved. This incident did not impact ATM transactions.”
“At Wawa, nothing is more important than honoring and protecting our customers’ trust. Wawa continues to take steps to enhance the security of our systems.”
Check this essay writing service Customwritings.com
All the store companies should be updated and secured their payment systems. Why are they waiting for significant data breaches?
