voyager9

Wawa Data Breach


FYI:

https://www.wawa.com/alerts/data-security

Quote

Today, I am very sorry to share with you that Wawa has experienced a data security incident.  Our information security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019.  This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained. 

Ouch... that’s gonna sting...

Quote

Based on our investigation to date, we understand that at different points in time after March 4, 2019, malware began running on in-store payment processing systems at potentially all Wawa locations.  Although the dates may vary and some Wawa locations may not have been affected at all, this malware was present on most store systems by approximately April 22, 2019.  Our information security team identified this malware on December 10, 2019, and by December 12, 2019, they had blocked and contained this malware. 

So...... only in-store?  Not gas station?

 

1 hour ago, PK90 said:

Why does Wawa keep people's payment info on their servers?

If the malware was on the payment processing server, it could sniff traffic between the terminal and the bank.   It may have collected transaction data in real time, not stored.


...." Based on our investigation to date, this malware affected payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment cards used at potentially all Wawa in-store payment terminals and fuel dispensers beginning at different points in time after March 4, 2019 and ending on December 12, 2019.    If you did not use a payment card at a Wawa in-store payment terminal or fuel dispenser during the relevant time frame, your information was not affected by this malware. 

So, it started in March 2019 and wasn't noticed until December 2019????  That's some crackerjack IT department and security network they have!!!   NOT!!!

18 minutes ago, W2MC said:

This covers...what?  How many million people?

 

850 stores over a 9 month period....  yeah, it's a lot.

Considering everyone uses their cards to buy $1.50 cokes... hopefully this is a wake up call...

Oh, never mind, they won't learn.

11 hours ago, maintenanceguy said:

If the malware was on the payment processing server, it could sniff traffic between the terminal and the bank.   It may have collected transaction data in real time, not stored.

Think that's the reason why someone put pickles on my tuna hoagie yesterday?

  • Like 1
  • Haha 1

13 hours ago, PK90 said:

Why does Wawa keep people's payment info on their servers?

They have to keep enough data for payment processing. Most likely it's not that stored records were leaked, but that malware was in place that snooped all the payment traffic going across their payment infrastructure. 

  • Agree 1

4 minutes ago, this_is_nascar said:

Yes, I believe so, although I'd not want to give an attendant my phone.

 

Idk. Even if the system supported it I’m pretty sure you have to authenticate (faceID/PIN) then hold the phone to the reader. No way I’m handing a post-authenticated phone to a pump-monkey.  Now if we could pump our own gas....


Looks like your personal data is being sold to the highest bidder...

...."Things just got worse for Wawa after the company's recent massive data breach announced in December. 

Now, it appears that credit and debit card information belonging to the chain's customers is being offered for sale online, according to Bloomberg. The data breach “ranks among the largest payment card breaches of 2019, and of all time” said fraud intelligence company Gemini Advisory. 

The data breach was announced back in December. Gemini has since found that data from cards used at Wawa stores is available for sale on "Joker's Stash", a notorious online marketplace where credit card information is often bought and sold. 

On Monday, data from 100,000 cards became available but Joker's Stash claimed it had data on 30 million cards of Wawa customers. It's likely that more data will be released in batches over the next 12 to 18 months, Gemini said. "

52 minutes ago, Zeke said:

This is why I don’t use debit cards. At least there is a layer with cc’s. I’ve had a few issues with fraud in the past.

I do use my debit card at my local gas station (pretty much the only place that I buy gas on a weekly basis) to get the cash price.  If my card gets stolen, I'd know exactly where to go.  Any other place that I buy gas from gets my credit card.  Cash is used for all Wawa purchases excluding gas.

9 minutes ago, CMJeepster said:

I do use my debit card at my local gas station (pretty much the only place that I buy gas on a weekly basis) to get the cash price.  If my card gets stolen, I'd know exactly where to go.  Any other place that I buy gas from gets my credit card.  Cash is used for all Wawa purchases excluding gas.

Last time my cc number was stolen was from a Wawa gas purchase. The attendant most likely had a scanner in his pocket.

4 hours ago, MartyZ said:

Last time my cc number was stolen was from a Wawa gas purchase. The attendant most likely had a scanner in his pocket.

 

1 hour ago, kc17 said:

I never give card to gas jockeys; I get out of my vehicle and watch them, or do it myself if they don't get there fast enough.

Think about it, do you really think these gas jockeys are that technologically connected that they're hiding card readers in their pockets, scanning your cards? They're gas jockeys, NOT rocket scientists.... Plus, they are being watched on camera, 24/7.

Your card data was picked up by malware in their card processing system, the gas jockeys had nothing to do with it.

