Credit and debit card data compromised during a breach at convenience store chain Wawa has been put up for sale on the internet’s dark market Joker’s Stash.
The breach, which hacked 30 million payment cards, is among the largest payment card breaches ever, noted cybersecurity firm Gemini Advisory. The breach hit more than 850 stores.
The dark marketplace advertised that it will leak payment card details of 30 million US cardholders and more than one million non-US cardholders.
Wawa detected the breach last month but according to Gemini Advisory, the malware leading to the breach affected the payment processing servers of the retailer since last March.
The data breached included card numbers, users’ names, as well as expiration dates.
Wawa acknowledged the attempts to sell the payment records on the dark web and said it is working with federal agencies to determine the breach’s scope.
Howver, the retailer stressed that the breach led to the theft of only payment card data. Debit card PIN numbers, credit card CVV2 numbers or other personal data were not compromised, it said.
“Today, we became aware of reports of criminal attempts to sell some customer payment card information potentially involved in the previous Data Security Incident announced by Wawa on December 19, 2019.
“We have alerted our payment card processor, payment card brands, and card issuers to heighten fraud monitoring activities to help further protect any customer information.”