Mon. Apr 6th, 2020

US supermarket chain Wawa hacked: over 30 million payment records were leaked

2 min read

This week a hacker group sold more than 30 million payment records on Joker’s Stash, an online cybercrime marketplace. According to experts at threat intelligence company Gemini Advisory, the credit card data sold can be traced back to the East Coast of the United States convenience store chain, Wawa.

It is reported that hackers at Joker’s Stash said that they will upload data on 30 million U.S. cardholders from more than 40 states and more than 1 million international cardholders from more than 100 different countries, including states, city, zip code, and geographic location.

exposed PIN code

Data shows that Wawa has the most branches in New Jersey and Pennsylvania, but according to disclosed research data, the highest exposure rate of the payment card information is currently the Wawa branch in Florida, followed by Pennsylvania. In fact, as early as a month ago, the research team disclosed this major security flaw in Wawa, during which the company admitted that hackers had implanted malware on its sales system. A relevant person in charge of Wawa said that the malware collected information about all users who used credit or debit cards to purchase goods at their convenience stores and gas stations. The company said the violation affected almost convenience stores and that the malware was discovered after several months of running the company’s system.

In response to the possible dangers of the information sale, Wawa said that it has reminded the payment card processor system and the relevant banks and card issuers of the payment card to strengthen fraud monitoring activities to help further protect the security of compromised users’ accounts. Wawa also added that they will continue to work with law enforcement to investigate the hacking. At the same time, Wawa said that it is fortunate that the leaked user information only involves the payment card number information, not the card’s payment password, credit card CVV2 number, or other personal information.

Via: WawaGemini Advisory