World’s biggest data breach! 30 million credit, debit card details up for sale online

By: |
January 29, 2020 8:38 PM

Data on almost 100,000 cards became available on Monday, but Joker’s Stash claimed it had data from 30 million cards of Wawa customers, according to Gemini Advisory.

The news follows Wawa’s announcement in December that payment processors in its stores had been compromised. (Representative image)The news follows Wawa’s announcement in December that payment processors in its stores had been compromised.
(Representative image)

Credit and debit card information from customers of the food and gasoline chain Wawa Inc. is being sold online, according to the fraud intelligence company Gemini Advisory.

The breach “ranks among the largest payment card breaches of 2019, and of all time” because it potentially affected 850 stores and 30 million payment records, Gemini Advisory said in a report on Tuesday.

The news follows Wawa’s announcement in December that payment processors in its stores had been compromised.

Gemini discovered that data from cards used at Wawa — many of which belong to U.S. financial institutions — is available for sale on Joker’s Stash, a notorious online marketplace where credit and debit card information is bought and sold.

Data on almost 100,000 cards became available on Monday, but Joker’s Stash claimed it had data from 30 million cards of Wawa customers, according to Gemini Advisory. It’s likely that Joker’s Stash will release additional card data in batches over the next 12 to 18 months, Gemini Advisory co-founder Andrei Barysevich said in an email.

In a statement Tuesday, Wawa said it was “aware of reports of criminal attempts to sell come customer payment card information.” The company said it had alerted its payment card processor, payment card brands and card issuers to heighten fraud monitoring to protect customers. Wawa has offered free credit monitoring and identify theft protection to customers.

Malware ran on Wawa payment processors from March until December, when the company discovered and stopped it, Chief Executive Officer Chris Gheysens wrote in a letter at the time. He said “potentially all” Wawa locations were affected — a finding that aligns with Gemini Advisory’s preliminary analysis.

On Tuesday, the company said it was confident the breach was contained on Dec. 12, two days after it was discovered. “We also remain confident that only payment card information was involved, and that no debit card PIN numbers, credit card CVV2 numbers or other personal information were involved.”

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

Next Stories
1Chinese hackers caught running massive malware campaign in guise of McAfee antivirus software: Google
2Samsung Galaxy S21, Galaxy S21 Ultra design leaked; launch tipped for January 2021
3iPhone 12 Pro could be made in India soon, suggests new report