Another week, another high-profile data breach. This time, it's a big one.

In December 219, the convenience store chain Wawa disclosed that they had discovered malware on their point of sale system and that tens of millions of customer records were at risk. Those at risk were potentially anyone who had paid for their gas and other sundries with a debit or credit card.

Further, they admitted that the breach impacted all 86 of its locations. Worse, the company discovered that the malware had been in place for at least four months, which makes it a positively massive breach.

A recently published Gemini Security Advisory described it this way:

"Since the breach may have affected over 85 stores and potentially exposed 3 million sets of payment records, it ranks among the largest payment card breaches of 219, and of all time. It is comparable to Home Depot's 214 breach exposing 5 million customers' data or to Target's 213 breach exposing 4 million sets of payment card data."

It was only a matter of time before a haul that large showed up on the Dark Web, and that has now happened. Recently, security researchers have spotted a file called "BigBadaBoom-III." The payment card data it contains traces back to Wawa.

At present, the records are being sold for an average of $17 each. Given the size of the breach, that represents a breathtaking payday for the hackers.

If you've been to a Wawa convenience store in the last six months, the safe bet is to assume that your payment card has been compromised and proceed accordingly. Doing nothing is a recipe for disaster, especially given that the database containing the card data is already up for sale. It's only a matter of time until someone gets their hands on your payment data and starts making illicit use of it.

Used with permission from Article Aggregator