WaWa, a convivence store chain based in Pennsylvania, has announced that it was the victim of a malware attack. The attack was discovered on December 10th and stopped on the 12th. The malware infected its payment processing servers and is believed to have collected payment card numbers, customer names, and other data as early as March 4th of this year. The breach affected all of its 850 locations and included the in-store and fuel dispenser payments. The company stated that it does not know how many customers were affected but they are working with law enforcement and a forensics firm to conduct the investigation. WaWa did state that they are notifying customers and offering free credit and identity theft monitoring services.
Analyst Notes
Customers of the WaWa chain should contact the company to take advantage of the monitoring services and should closely monitor their credit card statement to quickly report fraudulent charges on their accounts. Defenders of retail networks that include Point of Sale (POS) terminals should set up alerting mechanisms based on attacker behaviors, including detection of compromised administrator accounts logging in to all POS terminals in a short time period using scripting automation, or one process reading the memory of another process. Payment card reader hardware that encrypts card data at the point of collection is another effective defense against theft. Companies can benefit from using endpoint detection services, such as the Binary Defense Security Operations Center, to monitor their systems on a 24 hour a day basis to stop infections before they have a chance to do serious damage to their networks.
Source Article: https://www.cnbc.com/2019/12/19/wawa-says-data-breach-may-have-collected-thousands-of-customer-card-numbers-and-names.html
