Published on December 28th, 2019 📆 | 4851 Views ⚑
0Three Different US Stores Disclose POS Malware Attacks Simultaneously
Cybercriminals seemed to have stepped up on a malicious campaign in the previous week. Reportedly, three different e-commerce stores in the US fell prey to POS malware attacks. In all the incidents, the attackers succeeded in stealing customer payment card data.
Security Breach At Wawa Stores
In a security notice, the chain of convenience stores Wawa disclosed a security breach. In brief, the security team at Wawa discovered a malware attack on December 10, 2019. The attack potentially began on March 4, 2019, and affected almost all Wawa stores in different locations.
Upon detecting the malware, the team contained the attack on December 12, 2019, two days from the detection. However, they suspect that the attackers have stolen usersâ payment card data in the duration of the attack. As stated in the notice,
Based on our investigation to date, this malware affected payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment cards used at potentially all Wawa in-store payment terminals and fuel dispensers beginning at different points in time after March 4, 2019, and ending on December 12, 2019.
They stated that other personal details such as driverâs license information, PIN numbers, CVV2 numbers of the credit cards, remained safe.
POS Malware Attacks At Two Restaurants
In addition to Wawa, two US-based restaurants also disclosed similar POS malware attacks at the same time. One of these includes the Champagne French Bakery CafĂŠ, which, as disclosed, suffered a malware attack from February 13, 2019, to September 27, 2019.
During the said period, the malware, which specifically targeted magnetic stripe data, compromised eight different locations. However, it couldnât extract any data at seven of these locations in March 2019. The breached information includes cardholderâs names, card numbers, internal verification code and dates of expiration.
Likewise, a similar incident took place at the Islands Restaurant. As elaborated in their notice, the nature, timeline, and duration of the malware attack looked exactly the same as that of the Champagne French Bakery CafĂŠ. Eventually, the restaurant contained the attack and removed the malware from its systems.
Let us know your thoughts in the comments.
Gloss