Security News
The company said it discovered the breach recently, after being notified by a third-party that "There may have been unauthorized access to data from payment cards that were used at some Rutter's locations." Rutter's investigation revealed on January 14 that hackers had planted malware on payment processing systems, allowing them to obtain information from credit and debit cards used at point-of-sale devices at fuel pumps and convenience stores.
That's because hackers have finally put up payment card details of more than 30 million Wawa breach victims on sale at Joker's Stash, one of the largest dark web marketplaces where cybercriminals buy and sell stolen payment card data. Now it turns out that the Wawa breach marked itself in the list of largest credit card breaches ever happened in the history of the United States, potentially exposing 30 million sets of payment records.
A long-running marketplace for selling stolen payment card data is advertising a large new batch linked to the breach at Wawa convenience stores late last year. Joker's Stash claims its latest dump contains as many as 30 million payment cards from 40 states.
Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground's most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach. A spokesperson for Wawa confirmed that the company today became aware of reports of criminal attempts to sell some customer payment card information potentially involved in the data security incident announced by Wawa on December 19, 2019.
Aleksey Burkov, a Russian national who was extradited to the U.S. from Israel in November, pleaded guilty Thursday to federal charges related to owning and operating a site called "Cardplanet," which trafficked in stolen payment card data, according to the Justice Department. Burkov, 29, pleaded guilty to charges that included access device fraud; conspiracy to commit computer intrusion, identity theft, wire and access device fraud; and money laundering.
Dixons Retail is facing a £500,000 penalty from the Information Commissioner's Office after a hacker installed malware that infected thousands of point of sale tills and scooped up 5.6 million payment card details. The ICO told us that in addition to the aforementioned personal financial data, Dixons had initially found that roughly 10 million non-financial records had also been pilfered from the retailer's internal servers and exfiltrated.
A researcher has found two new methods that payment card number thieves are using to try to stay under the radar. The attackers are sometimes referred to as Magecart, a name for a slew of groups that steal payment card numbers.
Houston, Texas-based dining, hospitality and gaming company Landry's revealed recently that it had discovered a piece of malware designed to steal payment card information on its systems. Following a payment card breach that hit the company's restaurants in 2015, Landry's started using a payment processing solution that relies on end-to-end encryption to protect sensitive information on point-of-sale terminals.
Landry's, a popular restaurant chain in the United States, has announced a malware attack on its point of sale systems that allowed cybercriminals to steal customers' payment card information. According to the breach notification published this week, the malware was designed to search for and likely steal sensitive customer credit card data, including credit card numbers, expiration dates, verification codes and, in some cases, cardholder names.
California-based burger chain Island Restaurants recently informed customers that it had identified a piece of malware on the point-of-sale (PoS) systems used for payment card transactions at its...