Since the increasingly-popular, regional convenience chain, Wawa, announced a breach of their payment card processing system last December, the story has continued to gain people's attention. Those of us who have probably shopped at Wawa at least occasionally (full disclosure - I frequent the store more than I am willing to admit) should continue to monitor reports of the incident and regularly check our credit/debit cards for unapproved charges. Details of the breach have been posted by Cyber Security Intelligence here, but I have summarized the main points below.
- The system was first infected after March 4, 2019 but was not detected until December.
- 30 million records were stolen, lower than Home Depot or Target breaches (50 million and 40 million cards respectively) but still a high number.
- According to deep web experts at Gemini Advisory, the highest loss was to locations in Florida followed by Pennsylvania. Records in more than 40 states and 100 countries were stolen.
- Records are being sold on the dark web by The Joker's Stash. After the initial breach, that website announced more cards would be uploaded on January 27 (this was posted February 5)
Total loss to Wawa, or how much will be covered by insurance has not yet been announced. If you have shopped at Wawa and paid with a credit or debit card, you should be monitoring your account.