30 million payment card details were stolen from over 700 WAWA stores.
WAWA, Inc. is a chain of convenience and fuel retail stores, which has over 850 retail stores in the United States (Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida, and Washington, DC).
According to threat intelligence firm Gemini Advisory, on 27th January 2020, hackers began uploading stolen WAWA payment card data to the Joker's Stash marketplace under the title 'BIGBADABOOM-III,' which reportedly includes card numbers, expiration dates, and cardholder names.
The hackers eventually put the payment card details of more than 30 million WAWA breach victims up for sale on Joker's Stash, one of the largest dark web marketplaces where cybercriminals buy and sell stolen payment card data.
Identifying what was compromised
On 10th December, WAWA learned that malware had been installed on its point-of-sale servers since March 2019 and had stolen its customers' payment details from potentially all WAWA locations. The malware stole credit and debit card information, including card numbers, expiration dates, and customer names, from payment cards used at potentially all of its in-store payment terminals and gas pumps between 4th March 2019 and 12th December 2019.
The company is not aware of how many customers may have been affected in the nine-month-long breach or of any unauthorized use of payment card information as a result of the incident.
WAWA contained the breach
The company's information security team fully contained the malware within two days of its discovery, and immediately initiated an investigation by engaging a leading external forensics firm to investigate the incident and verify the extent of the breach.
The WAWA breach is one of the largest credit card breaches in the history of the United States, potentially exposing 30 million sets of payment records.
While this might not always be the case, there are 4 steps to protect your company against a payment card data breach:
- Be compliant with PCI DSS
- Conduct a security risk assessment
- Conduct a vulnerability assessment and penetration test
- Proactively monitor the network and systems
How MBG can help you protect your payment card data
- Implement privacy & information security by design
- Implement PCI DSS standard
- Perform security risk / gap assessment
- Conduct cyber security maturity assessment
- Perform vulnerability assessment and penetration test
- Conduct IT forensic investigation
Contact our Technology Advisory Team to know more