Another high-profile data breach - a big one

In December 2019, the convenience store chain Wawa disclosed that they had discovered malware on their point of sale system and that tens of millions of customer records were at risk. Those at risk were potentially anyone who had paid for their gas and other sundries with a debit or credit card.

Further, they admitted that the breach impacted all 860 of its locations. Worse, the company discovered that the malware had been in place for at least four months, which makes it a positively massive breach.

A security advisory described it this way

"Since the breach may have affected over 860 stores and potentially exposed 30 million sets of payment records, it ranks among the largest payment card breaches of 2019, and of all time. It is comparable to Home Depot's 2014 breach exposing 50 million customers' data or to Target's 2013 breach exposing 40 million sets of payment card data."

Huge payday for the hackers

It was only a matter of time before a haul that largely showed up on the Dark Web, and that has now happened. Recently, security researchers have spotted a file called "BigBadaBoom-III." The payment card data it contains traces back to Wawa.

At present, the records are being sold for an average of $17 each. Given the size of the breach, that represents a breathtaking payday for the hackers.

Our perspective

If you've been to a Wawa convenience store in the last six months, the safe bet is to assume that your payment card has been compromised and proceed accordingly. Doing nothing is a recipe for disaster, especially given that the database containing the card data is already up for sale. It's only a matter of time until someone gets their hands on your payment data and starts making illicit use of it.

 

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there! " ~

 

Meanwhile, check out this report

This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.

Contact me if you would like me to speak at your association.