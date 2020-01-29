Advertisement

Credit and debit card information from WaWa Inc. food and gas chain customers is sold online, according to Gemini Advisory.

Gemini Advisory said in a report on Tuesday that the breach was “one of the biggest payment card violations in 2019 and all time” as it potentially affected 850 stores and 30 million payment records.

The message follows WaWa’s announcement in December that payment processors at its branches have been compromised.

Advertisement

Gemini discovered that data from cards used at WaWa – many of which are owned by U.S. financial institutions – is available for sale on Joker’s Stash, a notorious online marketplace where credit and debit card information is bought and sold.

Data on nearly 100,000 cards became available on Monday, but according to Gemini Advisory, Joker’s Stash had data from 30 million cards from WaWa customers. According to Andrei Barysevich, co-founder of Gemini Advisory, Joker’s Stash will be releasing additional card data in batches over the next 12 to 18 months.

In a statement on Tuesday, WaWa said that it had “learned of reports of criminal attempts to sell customer payment card information.” The company has alerted its payment card processor, payment card brands and card issuers to step up fraud monitoring to protect customers. WaWa offers its customers free credit monitoring and theft protection.

Malware ran on WaWa payment processors from March to December, when the company discovered and stopped them, wrote then CEO Chris Gheysens in a letter. He said “possibly all” WaWa locations are affected – a result that is consistent with Gemini Advisory’s preliminary analysis.

On Tuesday, the company said it was confident that the violation would be contained on December 12, two days after it was discovered. “We remain confident that only credit card information was affected and that no debit card PIN numbers, credit card CVV2 numbers, or other personal information were affected.”

This story was published from a news agency feed with no changes to the text. Only the heading has been changed.

subjects

Advertisement