voyager9 3,417 Posted December 19, 2019 FYI: https://www.wawa.com/alerts/data-security Quote Today, I am very sorry to share with you that Wawa has experienced a data security incident. Our information security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019. This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained. Ouch... that’s gonna sting... Quote Share this post Link to post Share on other sites
Krdshrk 3,872 Posted December 20, 2019 Quote Based on our investigation to date, we understand that at different points in time after March 4, 2019, malware began running on in-store payment processing systems at potentially all Wawa locations. Although the dates may vary and some Wawa locations may not have been affected at all, this malware was present on most store systems by approximately April 22, 2019. Our information security team identified this malware on December 10, 2019, and by December 12, 2019, they had blocked and contained this malware. So...... only in-store? Not gas station? Quote Share this post Link to post Share on other sites
PK90 3,569 Posted December 20, 2019 Why does Wawa keep people's payment info on their servers? Quote Share this post Link to post Share on other sites
voyager9 3,417 Posted December 20, 2019 1 hour ago, Krdshrk said: So...... only in-store? Not gas station? Article said pumps included Quote Share this post Link to post Share on other sites
maintenanceguy 509 Posted December 20, 2019 1 hour ago, PK90 said: Why does Wawa keep people's payment info on their servers? If the malware was on the payment processing server, it could sniff traffic between the terminal and the bank. It may have collected transaction data in real time, not stored. Quote Share this post Link to post Share on other sites
Sniper 6,372 Posted December 20, 2019 ...." Based on our investigation to date, this malware affected payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment cards used at potentially all Wawa in-store payment terminals and fuel dispensers beginning at different points in time after March 4, 2019 and ending on December 12, 2019. If you did not use a payment card at a Wawa in-store payment terminal or fuel dispenser during the relevant time frame, your information was not affected by this malware. So, it started in March 2019 and wasn't noticed until December 2019???? That's some crackerjack IT department and security network they have!!! NOT!!! Quote Share this post Link to post Share on other sites
Krdshrk 3,872 Posted December 20, 2019 44 minutes ago, voyager9 said: Article said pumps included Welp then I've been breached Quote Share this post Link to post Share on other sites
W2MC 1,699 Posted December 20, 2019 This covers...what? How many million people? Quote Share this post Link to post Share on other sites
Sniper 6,372 Posted December 20, 2019 18 minutes ago, W2MC said: This covers...what? How many million people? 850 stores over a 9 month period.... yeah, it's a lot. Considering everyone uses their cards to buy $1.50 cokes... hopefully this is a wake up call... Oh, nevermind, they won't learn. Quote Share this post Link to post Share on other sites
Kevin125 4,772 Posted December 20, 2019 1 hour ago, maintenanceguy said: If the malware was on the payment processing server, it could sniff traffic between the terminal and the bank. It may have collected transaction data in real time, not stored. Correct Quote Share this post Link to post Share on other sites
Kevin125 4,772 Posted December 20, 2019 Get a new card. Whoever the attackers were probably planned to sell the card info in bulk. Not use it themselves. Quote Share this post Link to post Share on other sites
this_is_nascar 162 Posted December 20, 2019 This is why I use Google Pay on my phone. The merchant never gets your real card number. Quote Share this post Link to post Share on other sites
voyager9 3,417 Posted December 20, 2019 7 minutes ago, this_is_nascar said: This is why I use Google Pay on my phone. The merchant never gets your real card number. Can you use Google/Apple pay at the pumps? Quote Share this post Link to post Share on other sites
CMJeepster 2,765 Posted December 20, 2019 11 hours ago, maintenanceguy said: If the malware was on the payment processing server, it could sniff traffic between the terminal and the bank. It may have collected transaction data in real time, not stored. Think that's the reason why someone put pickles on my tuna hoagie yesterday? 1 1 Quote Share this post Link to post Share on other sites
raz-0 1,256 Posted December 20, 2019 13 hours ago, PK90 said: Why does Wawa keep people's payment info on their servers? They have to keep enough data for payment processing. Most likely it's not that stored records were leaked, but that malware was in place that snooped all the payment traffic going across their payment infrastructure. 1 Quote Share this post Link to post Share on other sites
this_is_nascar 162 Posted December 20, 2019 8 hours ago, voyager9 said: Can you use Google/Apple pay at the pumps? Yes, I believe so, although I'd not want to give an attendant my phone. Quote Share this post Link to post Share on other sites
voyager9 3,417 Posted December 20, 2019 4 minutes ago, this_is_nascar said: Yes, I believe so, although I'd not want to give an attendant my phone. Idk. Even if the system supported it I’m pretty sure you have to authenticate (faceID/PIN) then hold the phone to the reader. No way I’m handing a post-authenticated phone to a pump-monkey. Now if we could pump our own gas.... Quote Share this post Link to post Share on other sites
Sniper 6,372 Posted January 30, 2020 Looks like your personal data is being sold to the highest bidder... ...."Things just got worse for Wawa's after the company's recent massive data breach announced in December. Now, it appears that credit and debit card information belonging to the chain's customers is being offered for sale online, according to Bloomberg. The data breach “ranks among the largest payment card breaches of 2019, and of all time” said fraud intelligence company Gemini Advisory. The data breach was announced back in December. Gemini has since found that data from cards used at Wawa stores is available for sale on "Joker's Stash", a notorious online marketplace where credit card information is often bought and sold. On Monday, data from 100,000 cards became available but Joker's Stash claimed it had data on 30 million cards of Wawa customers. It's likely that more data will be released in batches over the next 12 to 18 months, Gemini said. " Quote Share this post Link to post Share on other sites
RUTGERS95 889 Posted January 30, 2020 do they list what locations? Quote Share this post Link to post Share on other sites
Sniper 6,372 Posted January 30, 2020 7 minutes ago, RUTGERS95 said: do they list what locations? All of them. Quote Share this post Link to post Share on other sites
RUTGERS95 889 Posted January 31, 2020 7 minutes ago, Sniper said: All of them. I read it was not but then reading again it looks like it may have been. what a clusterfk. glad I go to 7eleve:) Quote Share this post Link to post Share on other sites
MartyZ 691 Posted January 31, 2020 I always used 1 card at wawa, had it changed the day the news came out. I have had my credit card number stolen so many times already that I only pay cash for gas and restaurants, and only keep 1 active credit card, easier to keep track of. Quote Share this post Link to post Share on other sites
CMJeepster 2,765 Posted January 31, 2020 13 hours ago, RUTGERS95 said: glad I go to 7eleve:) Glad I pay cash. 1 Quote Share this post Link to post Share on other sites
Zeke 5,504 Posted January 31, 2020 7 minutes ago, CMJeepster said: Glad I pay cash. This is why I don’t use debit cards. At least there is a layer with cc’s. I’ve had a few issues with fraud in the past. Quote Share this post Link to post Share on other sites
CMJeepster 2,765 Posted January 31, 2020 52 minutes ago, Zeke said: This is why I don’t use debit cards. At least there is a layer with cc’s. I’ve had a few issues with fraud in the past. I do use my debit card at my local gas station (pretty much the only place that I buy gas on a weekly basis) to get the cash price. If my card gets stolen, I'd know exactly where to go. Any other place that I buy gas from gets my credit card. Cash is used for all Wawa purchases excluding gas. Quote Share this post Link to post Share on other sites
MartyZ 691 Posted January 31, 2020 9 minutes ago, CMJeepster said: I do use my debit card at my local gas station (pretty much the only place that I buy gas on a weekly basis) to get the cash price. If my card gets stolen, I'd know exactly where to go. Any other place that I buy gas from gets my credit card. Cash is used for all Wawa purchases excluding gas. Last time my cc number was stolen was from a wawa gas purchase. The attendant most likely had a scanner in his pocket. Quote Share this post Link to post Share on other sites
voyager9 3,417 Posted January 31, 2020 Using ApplePay and the android equivalent is also an option. It doesn’t provide your actual credit/debit card to the POS but a device-specific number that can only be used by that device Quote Share this post Link to post Share on other sites
kc17 622 Posted January 31, 2020 The Wawa near work recently installed chip readers at the pump; the "tap and pay" option was disabled at the time. I never give card to gas jockeys; I get out of my vehicle and watch them, or do it myself if they don't get there fast enough. Quote Share this post Link to post Share on other sites
Sniper 6,372 Posted January 31, 2020 4 hours ago, MartyZ said: Last time my cc number was stolen was from a wawa gas purchase. The attendant most likely had a scanner in his pocket. 1 hour ago, kc17 said: I never give card to gas jockeys; I get out of my vehicle and watch them, or do it myself if they don't get there fast enough. Think about it, do you really think these gas jockeys are that technologically connected that they're hiding card readers in their pockets, scanning your cards. They're gas jockeys NOT rocket scientists.... Plus, they are being watched on camera, 24/7. Your card data was picked up by malware in their card processing system, the gas jockeys had nothing to do with it. Quote Share this post Link to post Share on other sites
kc17 622 Posted January 31, 2020 I know the jockeys were not responsible this time. It doesn't matter. I don't want them touching my truck at all. Quote Share this post Link to post Share on other sites