 "30 mn debit, credit card details of WaWa customers up for sale online")
Credit and debit card information from customers of the food and gasoline chain WaWa Inc is being sold online, according to the fraud intelligence company Gemini Advisory.
The breach “ranks among the largest payment card breaches of 2019, and of all time” because it potentially affected 850 stores and 30 million payment records, Gemini Advisory said in a report on Tuesday. The news follows WaWa’s announcement in December that payment processors in its stores had been compromised.
Gemini discovered that data from cards used at WaWa — many of which belong to US financial institutions — is available for sale on Joker’s Stash, a notorious online marketplace where credit and debit card information is bought and sold.
Data on almost 100,000 cards became available on Monday, but Joker’s Stash claimed it had data from 30 million cards of WaWa customers, according to Gemini Advisory. It’s likely that Joker’s Stash will release additional card data in batches over the next 12 to 18 months, Gemini Advisory co-founder Andrei Barysevich said. WaWa said it was “aware of reports of criminal attempts to sell come customer payment card information.” The company said it had alerted its payment card processor, payment card brands and card issuers to heighten fraud monitoring to protect customers.
WaWa has offered free credit monitoring and identify theft protection to customers.
Malware ran on WaWa payment processors from March until December, when the company discovered and stopped it, Chief Executive Officer Chris Gheysens wrote in a letter at the time. He said “potentially all” WaWa locations were affected -- a finding that aligns with Gemini Advisory’s preliminary analysis.
On Tuesday, the company said it was confident the breach was contained on Dec. 12, two days after it was discovered. “We also remain confident that only payment card information was involved, and that no debit card PIN numbers, credit card CVV2 numbers or other personal information were involved.”
The breach “ranks among the largest payment card breaches of 2019, and of all time” because it potentially affected 850 stores and 30 million payment records, Gemini Advisory said in a report on Tuesday. The news follows WaWa’s announcement in December that payment processors in its stores had been compromised.
Gemini discovered that data from cards used at WaWa — many of which belong to US financial institutions — is available for sale on Joker’s Stash, a notorious online marketplace where credit and debit card information is bought and sold.
Data on almost 100,000 cards became available on Monday, but Joker’s Stash claimed it had data from 30 million cards of WaWa customers, according to Gemini Advisory. It’s likely that Joker’s Stash will release additional card data in batches over the next 12 to 18 months, Gemini Advisory co-founder Andrei Barysevich said. WaWa said it was “aware of reports of criminal attempts to sell come customer payment card information.” The company said it had alerted its payment card processor, payment card brands and card issuers to heighten fraud monitoring to protect customers.
WaWa has offered free credit monitoring and identify theft protection to customers.
Malware ran on WaWa payment processors from March until December, when the company discovered and stopped it, Chief Executive Officer Chris Gheysens wrote in a letter at the time. He said “potentially all” WaWa locations were affected -- a finding that aligns with Gemini Advisory’s preliminary analysis.
On Tuesday, the company said it was confident the breach was contained on Dec. 12, two days after it was discovered. “We also remain confident that only payment card information was involved, and that no debit card PIN numbers, credit card CVV2 numbers or other personal information were involved.”
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%