Wawa Card Breach Becomes Huge Problem Since 30M Stolen Cards Are Put Online For Sale

It hasn’t been long since we heard of the Wawa card breach following a malware attack. Now, the attackers have also put up the stolen data online for sale. This new data dump revealed the huge impact of the incident since the data for sale includes 30 million records.

Wawa Card Breach – Data Put On Sale

In December 2019, Wawa Stores became a victim of a massive POS malware campaign attacking different targets. The malware continued to run on the store’ POS at different locations for about nine months. And, during this time, the malware pilfered comprehensive payment card data of the users.

While, at that time, the extent of the attack remained unveiled. However, it now appears that it at least lost 30 million records to the attackers.

According to a recent report from Brian Krebs, starting this week, the popular fraud website in the underground world, Joker’s Stash, advertised a huge data dump. Boasted as ‘BIGBADABOOM-III’, the data dump included more than 30 million records from a ‘nationwide breach’. Krebs could further trace the data back to the Wawa data breach.

Source: KrebsOnSecurity

Wawa Aware Of The Data Sale

According to a recent press release, Wawa has confirmed the appearance of stolen data online for sale. They have also elaborated on their collaboration with financial institutions over the matter.

We have alerted our payment card processor, payment card brands, and card issuers to heighten fraud monitoring activities to help further protect any customer information.  We continue to work closely with federal law enforcement in connection with their ongoing investigation to determine the scope of the disclosure of Wawa-specific customer payment card data.

They also reassure their customers they will provide support in case of any difficulty regarding reimbursement of any fraudulent transactions.

Under federal law and card company rules, customers who notify their payment card issuer in a timely manner of fraudulent charges will not be responsible for those charges.  In the unlikely event any individual customer who has promptly notified their card issuer of fraudulent charges related to this incident is not reimbursed, Wawa will work with them to reimburse them for those charges.

Additionally they have also confirmed that they contained the malware attack on December 12, 2019. And, since then, the customers remain safe while making purchases with Wawa.

Wawa urge all the customers to remain vigilant regarding charges on their payment cards to detect any potential fraud.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients