Rutter’s, a chain of convenience stores in the US, has announced a payment card breach that affected more than 70 locations.
The breach is said to be the result of malware. The malware gathered payment card data from POS devices at some of Rutter’s convenience stores and fuel pumps.
It infected the majority of Rutter’s locations between 1 October 2018 and 29 May 2019.
According to the retailer, the breach compromised only the card number and expiration date in most cases.
Commenting on the breach, the retailer said: “In addition, it appears that the malware did not copy data from all of the payment cards used during the period that it was present on a given payment processing system.
“There is no indication that other customer information was accessed. Please note this incident is not the result of a handheld “skimmer” being placed on a Rutter’s fuel pump.”
The breach did not affect card transactions at Rutter’s car washes, ATM’s, and lottery machines in stores, the retailer said.
Rutter’s has already started a probe into the matter after learning of the issue from a third party.
The retailer has already alerted law enforcement agencies of the matter and involved cybersecurity firms for support. The malware has been removed, stated the retailer.
Last month, cybersecurity firm Gemini Advisory said that credit and debit card data compromised during a breach at convenience store chain Wawa were put up for sale on the dark web Joker’s Stash. The breach is said to have affected 30 million payment cards.