Security News

The company said it discovered the breach recently, after being notified by a third-party that "There may have been unauthorized access to data from payment cards that were used at some Rutter's locations." Rutter's investigation revealed on January 14 that hackers had planted malware on payment processing systems, allowing them to obtain information from credit and debit cards used at point-of-sale devices at fuel pumps and convenience stores.

That's because hackers have finally put up payment card details of more than 30 million Wawa breach victims on sale at Joker's Stash, one of the largest dark web marketplaces where cybercriminals buy and sell stolen payment card data. Now it turns out that the Wawa breach marked itself in the list of largest credit card breaches ever happened in the history of the United States, potentially exposing 30 million sets of payment records.

Combined with its existing Agent Assist and IVR payment solutions, PCI Pal Digital will enable a true omnichannel secure payments environment for contact centers and businesses taking payments across the globe. "As we see the increased adoption of digital channels within organizations, including both our partners and direct customers, we believe that now is the time to introduce our digital payment offering supplementing our existing Agent Assist and IVR solutions," said James Barham, CEO, PCI Pal.

A long-running marketplace for selling stolen payment card data is advertising a large new batch linked to the breach at Wawa convenience stores late last year. Joker's Stash claims its latest dump contains as many as 30 million payment cards from 40 states.

Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground's most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach. A spokesperson for Wawa confirmed that the company today became aware of reports of criminal attempts to sell some customer payment card information potentially involved in the data security incident announced by Wawa on December 19, 2019.

Attackers using Ryuk and Sodinokibi - aka REvil - are increasingly "Focusing their attacks on large companies where they can attempt to extort the organization for a seven-figure payout," it says, noting that the average Ryuk ransom payment last quarter was $780,000. One commonality across all types of tools is that attackers overwhelmingly continue to demand ransom payments in bitcoins.

New York state senators have proposed two bills that would require government agencies to tell ransomware attackers to get lost. We've seen mayors in US cities resolve to eschew paying ransom to get their systems back from attackers, but New York is the first state to make a move in that direction - and to back it up with actual legislation.

Aleksey Burkov, a Russian national who was extradited to the U.S. from Israel in November, pleaded guilty Thursday to federal charges related to owning and operating a site called "Cardplanet," which trafficked in stolen payment card data, according to the Justice Department. Burkov, 29, pleaded guilty to charges that included access device fraud; conspiracy to commit computer intrusion, identity theft, wire and access device fraud; and money laundering.

Faster payments are the new reality in more than 40 countries, and this innovation is benefiting consumers and businesses alike. Criminals are also enjoying the speed and non-refutable nature of these transfers, and in many deployments faster payments quickly translates to faster fraud.

Paysafe, a leading specialized payments platform, has expanded its omni-channel payments offering through the launch of the Cloud SDK from Handpoint, a pioneer in defining integrated payments. Complementing the existing Handpoint APIs and SDKs used by Paysafe clients with Android, iOS, and desktop apps, the Cloud SDK allows independent software vendors with cloud-based platforms to provide businesses with enhanced in-person payments.