- Nov 3, 2019
- 413
On the same day this week, two restaurants and a convenience store, all with locations across the U.S., disclosed security breach incidents that may have enabled attackers to steal customer payment card data.
In all three cases, malware designed to collect magnetic stripe data was discovered on payment processing servers for card transactions.
Wawa store, food market, coffee shop, gas pump
The most prominent on this shortlist is Wawa convenience store chain, with all its locations potentially impacted starting March 4, 2019.
Current investigation results show that exposed payment card (debit and credit) information includes numbers, expiration dates, and cardholder names.
In the data breach notification on Thursday, Wawa informs that personal identification numbers (PIN) needed for approving transactions, typically above a specific limit, were not impacted. CVVs (card validation value) used for card-not-present purchases (online shopping) also remained safe.
Wawa's security team found the malicious software on the payment processing servers on December 10 and was able to contain it by December 12. The investigation determined that the "malware began running at different points in time after March 4, 2019."
Chris Gheysens, Wawa CEO, says that none of the impacted customers will support the fraudulent charges related to the incident. Free identity protection and credit monitoring services are provided free of charge Wawa customers whose information may have been involved.
In all three cases, malware designed to collect magnetic stripe data was discovered on payment processing servers for card transactions.
Wawa store, food market, coffee shop, gas pump
The most prominent on this shortlist is Wawa convenience store chain, with all its locations potentially impacted starting March 4, 2019.
Current investigation results show that exposed payment card (debit and credit) information includes numbers, expiration dates, and cardholder names.
In the data breach notification on Thursday, Wawa informs that personal identification numbers (PIN) needed for approving transactions, typically above a specific limit, were not impacted. CVVs (card validation value) used for card-not-present purchases (online shopping) also remained safe.
Wawa's security team found the malicious software on the payment processing servers on December 10 and was able to contain it by December 12. The investigation determined that the "malware began running at different points in time after March 4, 2019."
Chris Gheysens, Wawa CEO, says that none of the impacted customers will support the fraudulent charges related to the incident. Free identity protection and credit monitoring services are provided free of charge Wawa customers whose information may have been involved.
