PoS Malware Skimmed Convenience Store Card Data for 8 Months

upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Content source
https://arstechnica.com/information-technology/2019/12/pos-malware-skimmed-convenience-store-customers-card-data-for-8-months/
US convenience store Wawa said on Thursday that it recently discovered malware that skimmed customers' payment card data at just about all of its 850 stores.

The infection began rolling out to the store's payment-processing system on March 4 and wasn't discovered until December 10, an advisory published on the company's website said. It took two more days for the malware to be fully contained. Most locations' point-of-sale systems were affected by April 22, 2019, although the advisory said some locations may not have been affected at all. The malware collected payment card numbers, expiration dates, and cardholder names from payment cards used at "potentially all Wawa in-store payment terminals and fuel dispensers." The advisory didn't say how many customers or cards were affected. The malware didn't access debit card PINs, credit card CVV2 numbers, or driver license data used to verify age-restricted purchases. Information processed by in-store ATMs was also not affected. The company has hired an outside forensics firm to investigate the infection.
Click to expand...
Thursday's disclosure came after Visa issued two security alerts—one in November and another this month—warning of payment-card-skimming malware at North American gasoline pumps. Card readers at self-service fuel pumps are particularly vulnerable to skimming because they continue to read payment data from cards' magnetic stripes rather than card chips, which are much less susceptible to skimmers.
Click to expand...
 
  • Like
  • +Reputation
Reactions: SunMan09, Gandalf_The_Grey, harlan4096 and 2 others
upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach.
Click to expand...

 
  • Like
Reactions: silversurfer and harlan4096
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Wow
    • Like
    • Applause
Air Europa data breach: Customers warned to cancel credit cards
Replies
0
Views
1,120
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
silversurfer
    • Like
    • +Reputation
PoS malware can block contactless payments to steal credit cards
Replies
0
Views
440
News Archive
silversurfer
silversurfer
Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Canada's largest alcohol retailer's site hacked to steal credit cards
Replies
1
Views
495
News Archive
Andrezj
Andrezj

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top