Wawa Data Breach Includes Information On 30 Million Customers

February 4, 2020

Written by wukovits

Another week, another high-profile data breach. This time, it’s a big one.

In December 2019, the convenience store chain Wawa disclosed that they had discovered malware on their point of sale system and that tens of millions of customer records were at risk. Those at risk were potentially anyone who had paid for their gas and other sundries with a debit or credit card.

Further, they admitted that the breach impacted all 860 of its locations. Worse, the company discovered that the malware had been in place for at least four months, which makes it a positively massive breach.

A recently published Gemini Security Advisory described it this way:

Since the breach may have affected over 850 stores and potentially exposed 30 million sets of payment records, it ranks among the largest payment card breaches of 2019, and of all time. It is comparable to Home Depot’s 2014 breach exposing 50 million customers’ data or to Target’s 2013 breach exposing 40 million sets of payment card data.”

It was only a matter of time before a haul that large showed up on the Dark Web, and that has now happened. Recently, security researchers have spotted a file called “BigBadaBoom-III.” The payment card data it contains traces back to Wawa.

At present, the records are being sold for an average of $17 each. Given the size of the breach, that represents a breathtaking payday for the hackers.

If you’ve been to a Wawa convenience store in the last six months, the safe bet is to assume that your payment card has been compromised and proceed accordingly. Doing nothing is a recipe for disaster, especially given that the database containing the card data is already up for sale. It’s only a matter of time until someone gets their hands on your payment data and starts making illicit use of it.

Used with permission from Article Aggregator

Related Articles

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Update VMWare Software Immediately To Avoid Possible Attack

The US Cybersecurity and Infrastructure Security Agency recently issued a warning to all companies running VMware Vcenter Server and VMware Cloud Foundation. They are asking them to download and apply the latest security patches as soon as possible because attackers...

Send us a message

Your message was sent.

Thank you for contacting Bayou Technologies. We'll be in touch soon!

Need help? support-icon