WAWA DATA BREACH AND VISA WARNING
Wawa announced Dec. 19 that customer information for credit and debit card transactions at in-store terminals and fuel dispensers throughout the chain’s 850 locations might have been compromised.
The data breach included cardholder names, card numbers and expiration dates for transactions from March 4 to Dec. 12, 2019. PINs, credit card security codes and driver’s license information used to verify age-restricted purchases were not affected.
Interestingly, a month before the Wawa announcement, a Visa security alert described new, sophisticated schemes by which criminal enterprises are infiltrating merchant networks to harvest data from fuel dispenser point-of-sale (POS) systems. The warning noted:
“The targeting of fuel dispenser merchants is the result of the slower migration to chip technology on many terminals, which makes these merchants an attractive target for criminal threat actors attempting to compromise POS systems for magnetic stripe payment card data. … Card skimming at fuel pumps remains a pervasive and increasing threat for fuel dispenser merchants. However, these recent, more technically-advanced threat campaigns targeting fuel dispenser merchant POS systems mark a concerning trend that will likely continue. Many fuel dispenser merchants are currently updating their systems to accept and process more secure transactions, such as upgrading to devices that support chip. However, as long as the magnetic stripe readers are in place, fuel dispenser merchants are becoming an increasingly attractive target for advanced threat actors with an interest in compromising merchant networks to obtain this payment card data.”
For Oregon Residents: State laws advise you to report any suspected identity theft to law enforcement, as well as the Federal Trade Commission. You can contact the Oregon Attorney General at: Oregon Department of Justice, 1162 Court Street NE, Salem, OR 97301-4096, (877) 877-9392, www.doj.state.or.us
For more information regarding this data breach such as what to do if you have been affected, the steps WAWA is making in light of this news, and the official notice of the data breach, please visit WAWA data Security – Updates & Customer Resources.
*Note: Original article found in PEI TulsaLetter.