Thursday, 13 February 2020
On 22:39 by admin No comments
US store chain Rutter’s disclosed a security breach today. The
company says hackers gained access to its stores’ network system and
planted malware that collected payment card details as they were being
processed.
Stores in Pennsylvania and West Virginia were impacted, Rutter’s said today in a press release and a notice posted on its website.
For most locations, the malware was present between October 1, 2018
through May 29, 2019, however, for some stores, the infection timeline
is different.
Rutter’s said the malware collected data from payment cards swiped through point-of-sale (POS) devices installed inside convenience stores and some of its fuel pumps.
In most cases, the malware is believed to have collected for the user’s name, card number, expiration date, and internal verification code. For users who paid with cards at an EMV-capable POS device, Rutter’s said it believes the malware collected only the card number and expiration date.
The store chain said that payment card transactions at Rutter’s car washes, ATMs, and lottery machines were not impacted.
The store chain said it removed the malware from its payment systems,
reported the incident to law enforcement, and is now notifying impacted
customers.
In December 2019, payments processor VISA published a security alert about multiple incidents involving POS malware at gas pumps across North America.
It is unclear if Rutter’s was one of the companies mentioned in the VISA alert. Wawa, another US convenience store that operates gas pumps, disclosed a POS malware incident. Wawa’s data ended up for sale online, on a dark web carding shop, and is considered one of the biggest card data dumps to date.
Rutter’s operates convenience stores and gas stations across more than 70 locations in Pennsylvania, West Virginia, and Maryland.
Stores in Pennsylvania and West Virginia were impacted, Rutter’s said today in a press release and a notice posted on its website.
Rutter’s said the malware collected data from payment cards swiped through point-of-sale (POS) devices installed inside convenience stores and some of its fuel pumps.
In most cases, the malware is believed to have collected for the user’s name, card number, expiration date, and internal verification code. For users who paid with cards at an EMV-capable POS device, Rutter’s said it believes the malware collected only the card number and expiration date.
The store chain said that payment card transactions at Rutter’s car washes, ATMs, and lottery machines were not impacted.
Rutter’s learned of the breach from a third-party
Rutter’s said it learned about the incident following “a report from a third party.” It didn’t say when it learned of the malware infection, but that the investigation into the incident concluded a month ago, on January 13, 2020.It is unclear if Rutter’s was one of the companies mentioned in the VISA alert. Wawa, another US convenience store that operates gas pumps, disclosed a POS malware incident. Wawa’s data ended up for sale online, on a dark web carding shop, and is considered one of the biggest card data dumps to date.
Rutter’s operates convenience stores and gas stations across more than 70 locations in Pennsylvania, West Virginia, and Maryland.
Subscribe to:
Post Comments (Atom)
Search
Featured post
27 good hacker documentary
In the eyes of most people, a group of hackers usually extremely boring nothing interesting people, and that if only the computer code in ...

0 comments:
Post a comment