Wawa Breach - Data On 30m Card Users For Sale

Uploaded on 2020-02-05 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

The payment card details of more than 30 million Americans, believed to have been stolen in a data breach at convenience store chain Wawa, have been put up for sale on the Dark Web. In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. 

Fraud experts now say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach of Wawa convenience stores and fuel stations that was first revealed in December.

The Joker’s Stash marketplace, one of the largest and most notorious dark web marketplaces for buying stolen payment card data, has advertised its next major breach since December 2019. The latest advertisement claimed that the cards would go live on January 27, 2020 at 11:00 PM EST. The full collection would include 30 million US records across more than 40 states, as well as over one million non-US records from more than 100 different countries.

While Wawa has the most of its locations in New Jersey and Pennsylvania, according to an anysis by Deep Web experts at Gemini Advisory, the highest exposure of cards currently comes from Wawa locations in Florida, followed by Pennsylvania. Joker’s Stash began advertising in December that it would upload a sizeable collection of US, European and global cards, including geolocation data listing the cardholder’s state, city, and ZIP Code, on Jan. 27. 

The clandestine marketplace boasted that the collection would include 30 million US records across more than 40 states, as well as more than 1 million international records from more than 100 different countries.

While Wawa, which operates mainly in Delaware, Florida, Maryland, New Jersey, Pennsylvania, Virginia and Washington, DC, discovered the breach in December, bad actors were collecting data for almost 10 months using malware on Wawa’s in-store payment processing system, the company said at the time. 

The malware first infected in-store payment processing systems after March 4; by April 22, most store system, more than 850 in total, had been affected.

Overall, the Joker’s Stash collection suggests that the Wawa breach has the dubious honor of being among some of the largest payment-card breaches of all time, joining other, more widely known retail companies. While it remains to be seen the financial affect Wawa will feel from the breach, historically such incidents cost the companies affected a considerable sum of money. 

Home Depot, for instance, lost $40 million in investigation and recovery costs, and eventually agreed to pay $19 million in compensation for the more than 50 million cardholders affected by its 2014 breach. In the 2013 a mega-breach at Target Corp. fraudsters stole roughly 40 million cards of which between one and three million were actually sold.

Wawa says that it is aware the card data has surfaced and that it has alerted its payment processor, card brands, and issuers to "heighten fraud monitoring activities".

PaymentCardsandMobile:      Threatpost:           GeminiAdvisory:      Krebs On Security:   FinExtra

You Might Also Read:

Why Is Retail Cyber Security So Weak?:

 

 

 

« Industry 4.0 - Changing How We Live
Preparing Your Employees & Business Systems For A Cyber Attack »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Cyberis

Cyberis

Cyberis are pioneers in customer-focussed information security. Since 2011, we’ve been helping businesses protect their brands, customers and reputation.

Patchstack

Patchstack

Patchstack (formerly WebARX) is a web application security platform, which allows digital agencies and developers to monitor, protect and maintain their websites.

Ministry of Defence Georgia - Cyber Security Bureau

Ministry of Defence Georgia - Cyber Security Bureau

The aim of the Cyber Security Bureau is to establish and develop stable, effective and secure Information and Communication Technology systems for the Civil Office of MoD of Georgia.

Nakivo

Nakivo

NAKIVO is dedicated to delivering the ultimate backup, ransomware protection and disaster recovery solution for virtual, physical, cloud and SaaS environments.

ICT Reverse

ICT Reverse

ICT Reverse is one of the UK’s leading, fully accredited providers of ICT asset disposal and secure data erasure.

CENSUS

CENSUS

CENSUS is a Cybersecurity services provider offering services to multiple industries worldwide such as Security Testing, Code Auditing, Secure SDLC, Vulnerability Research and Consulting Services.

Constella Intelligence

Constella Intelligence

Constella Intelligence provides digital risk protection services to quickly and efficiently disrupt cyber attacks and data breaches before they occur.

Digital Identification & Authentication Council of Canada (DIACC)

Digital Identification & Authentication Council of Canada (DIACC)

DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian framework for digital identification and authentication.

Nineteen Group

Nineteen Group

Nineteen Group delivers major-scale exhibitions within the security, fire, emergency services, health and safety, facilities management and maintenance engineering sectors.

SecurelyShare Software

SecurelyShare Software

SecurelyShare Software is a security software company, specializing in data security, data privacy and data governance.

Artjoker

Artjoker

Artjoker is a full cycle software development partner specialized in Blockchain projects and smart contract development including full cycle information security of all projects.

Cyber Law Consulting

Cyber Law Consulting

Cyber Law Consulting is a Dynamic full service legal firm which offers complete services for Cyber Law, cyberlaw, Internet Law, Data Protection Act, Cyber Security, IPR, Drafting.

Cool Waters Cyber

Cool Waters Cyber

Cool Waters Cyber manage cyber security governance, risk and compliance.

ITRM

ITRM

ITRM are one of the UK’s top managed service providers and offer a range of award-winning IT solutions, from ad-hoc consultancy to cyber security.

Prophet Security

Prophet Security

Prophet Security empowers organizations to triage, investigate, and respond to alerts with unparalleled speed and accuracy.

Charm Security

Charm Security

Charm Security is an AI-powered customer security platform that protects organizations and their customers from scams, social engineering, and human-centric fraud.