Wawa's Massive Data Breach Leads to Information Being Sold Online

Wawa’s Massive Data Breach Leads to Information Being Sold Online

Just last month in December of 2019, the popular chain of convenience stores Wawa revealed a massive data breach where the company admitted hackers were able to plant a virus that attacked every single store point-of-sale (POS) system. Wawa said the malware obtained card details for all customers who bought merchandise at their convenience stores and gas stations using credit or debit cards. The company said the attack affected all of its 860 convenience retail stores, 600 of which doubled as gas stations as well.

Why does it matter if it was a month ago? This past Monday on Joker’s Stash, the internet’s largest carding fraud forum, hackers put up for sale the payment card details of more than 30 million Americans and over a million foreigners. Wawa says it discovered the intrusion on Dec. 10 and contained the breach by Dec. 12, but that the malware was thought to have been installed more than nine months earlier, around March 4. The breached data and personal info includes debit and credit card numbers, expiration dates, and cardholder names, but not PIN numbers or CVV numbers according to Wawa

The breach was advertised under the name of BIGBADABOOM-III on Joker’s Stash. According to Gemini Advisory, a New York based fraud intelligence company, the Wawa breach is one of the worst data breaches in History. Gemini Advisory said, “Since the breach may have affected over 850 stores and potentially exposed 30 million sets of payment records, it ranks among the largest payment card breaches of 2019, and of all time.” 

While most people affected are consumers of Wawa who live in Florida and Pennsylvania, it is not only Americans who should be concerned. According to Gemini Advisory the breach included, “30 million US records across more than 40 states, as well as over one million non-US records from more than 100 different countries.” Credit cards from South America, Europe, Asia, really anywhere as long as that card was used at a Wawa during the exposed time period. If you’ve shopped at Wawa within the past year, we advise that you avidly check your credit statements and stay up to date on any notifications you may receive from your bank or credit issuer.