• About
  • Advertise
  • Careers
  • Contact
Monday, March 20, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Data Breach

Wawa POS system compromised for 10 months, cybersecurity pros weigh in

by Cyber360 News
December 21, 2019
in Data Breach
0
Wawa POS system compromised for 10 months, cybersecurity pros weigh in
0
SHARES
1
VIEWS
Share on FacebookShare on Twitter

Wawa convenience stores is reporting a massive data breach that impacted payment card transactions potentially at all of its 800 locations.

Malicious actors managed to place malware on Wawa’s in-store and fuel pump POS systems starting on March 4, 2019 with all of its stores most likely being compromised by April 22. The company discovered the issue on December 10 and was able to fully block and remove the malware by December 12.

The information potentially stolen includes credit and debit card numbers, expiration dates and cardholder names. Debit card PINs and credit card CW2 numbers were not affected. Wawa gift cards also may be involved, although not specifically targeted, with the card numbers being stolen. The company is asking anyone who believes their gift card is affected to get in contact with Wawa customer service at 1-800-444-9292.

However, ATMs
located at Wawa locations were not part of the breach.

Wawa President
and CEO Chris Gheysens said
the company will cover any fraudulent purchases made with payment card data stolen
during this incident.

The company
did not say how many potential victims were involved nor was any information
given on how the malware was put in place.

Jason Kent, hacker in residence at Cequence Security, noted an interesting point in the company’s disclosure.

“The unusual
part of this story is that they weren’t notified of the breach externally. Does
this mean the malware didn’t work? Did the perpetrator not sell the numbers for
some reason? Is all of the effort to mitigate these types of attacks starting
to work,” he said.

Other
industry pros expressed some satisfaction that Wawa security apparatus was able
to at least partially protect their customers.

“It’s still
unknown how the criminals breached the network and accessed the data and it
appears that the criminals were only able to get part of the credit card
information.  This is a testament to the
organization’s separation of data within their infrastructure to isolate the
information, so if one system is compromised then all of the data cannot be
stolen,” said James McQuiggan, KnowBe4’s security awareness advocate.

On the flip side Emily Wilson, vice president of research at Terbium Labs, was unimpressed with the amount of time the malware remained active and undetected.

“In this
case, cyber criminals had the better part of the year to siphon off cardholder
information from Wawa’s vast network of stores; while I’m sure the fraudsters
weren’t happy to be caught, they can boast quite a trove of information from
their time undetected,” she said.

Although it
has not been revealed what type of malware was involved, retailers across the
country have been hit repeatedly in 2019 with Magecart attacks predominating.
In August Pedro Fortuna, CTO of Jscramber, penned the SC Media Executive
Insight column Five
strategies to stop Magecart
to help companies from being victimized.

Cyber360 News

Cyber360 News

Next Post
Top Zero Days, Data Breaches and Security Stories of 2019: News Wrap

Top Zero Days, Data Breaches and Security Stories of 2019: News Wrap

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In