Expand / Collapse search
Watch TV
Menu

Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by Factset. Powered and implemented by FactSet Digital SolutionsLegal Statement.

This material may not be published, broadcast, rewritten, or redistributed. ©2024 FOX News Network, LLC. All rights reserved. FAQ - New Privacy Policy

Tech
Published

Wawa breach: Over 30M payment records posted for sale on dark web

It could be one of the largest data breaches in American history

Palo Alto Networks CEO Nikesh Arora argues cyber threats will only get worse as there is increasing demand for user data, but that servers are more secure now than they were even a few years ago. Video

Payment and credit card information from more than 30 million Wawa customers was posted for sale Monday via the dark web forum Joker’s Stash, a website used by cybercriminals for fraud, according to several reports.

WAWA SAYS DATA BREACH AFFECTED THOUSANDS OVER 10 MONTHS

The compromised card data listing was shared under a thread titled "BIGBADABOOM-III," and it was noted as “the most biggest (sic) breach for the last 5 years” in a screenshot captured by cybercrime research firm Gemini Advisory.

A screenshot of dark web forum Joker's Stash reveals a post claiming to have access to millions of payment records for sale. (Gemini Advisory)

Wawa was not named in listing, but Gemini Advisory and other publications have linked the sale attempt to the American convenience store and gas station chain’s breach. In a press release from Dec. 19, Wawa announced it had discovered malware that may have affected more than 850 stores and included payment records from March 4 and Dec. 12, 2019.

WAWA FACING LAWSUITS OVER DATA BREACH AT ALL OF ITS STORES

Wawa issued a statement Tuesday afternoon regarding the reported illegal sale. However, it has not been confirmed whether the Joker’s Stash post is legitimate or connected to the chain.

The Wawa convenience store chain says a data breach may have collected debit and credit card information from thousands of customers, Thursday, Dec. 19, 2019. (AP Photo/Matt Rourke, File)

“We have alerted our payment card processor, payment card brands, and card issuers to heighten fraud monitoring activities to help further protect any customer information,” officials at Wawa wrote. “We continue to work closely with federal law enforcement in connection with their ongoing investigation to determine the scope of the disclosure of Wawa-specific customer payment card data.”

WHAT IS CYBER INSURANCE AND WHY YOUR BUSINESS NEEDS IT

Wawa officials urged affected customers to remain vigilant in their transaction monitoring and report any fraudulent charges to authorities.

After discovering the malware in its system on Dec. 10, the breach was contained by Dec. 12, according to Wawa. The company stressed that payment records have not been at risk since.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

“We also remain confident that only payment card information was involved, and that no debit card PIN numbers, credit card CVV2 numbers or other personal information were involved,” the statement continued for clarification. “This incident did not impact ATM transactions.”

Although limited information was obtained through the hack, Andrei Barysevich of Gemini Advisory told Fortune cybercriminals are still willing to pay for credit and debit card numbers. The median price for this info is $17 per card, according to Barysevich.

The cards could still be used at stores using older swipe technology.

CLICK HERE TO READ MORE ON FOX BUSINESS

The Federal Trade Commission estimates that as many as nine million Americans get their identities stolen each year. Moreover, a study from The Motley Fool reports that credit card fraud tripled between 2014 and 2018.