The content is accurate at the time of publication and is subject to change.
On the same day last week, a convenience store chain and two restaurants disclosed security breaches that may have enabled attackers to get their hands on customer payment card data.
Malware was reportedly discovered that was designed to collect magnetic stripe data from card transactions on payment processing servers.
The biggest of the three is the Wawa convenience store chain. It disclosed that all of its locations were potentially impacted starting March 4, 2019. The malicious software was found by Wawa's security team on December 10 and was contained by December 12. According to the ongoing investigation, the exposed payment card (debit and credit) information includes numbers, expiration dates, and cardholder names.
In its data breach notification, Wawa states that PINs (personal identification numbers), which are used to approve transactions, were not impacted. CVVs (card validation value numbers) remained safe as well.
Another victim was the Islands restaurant chain. The chain, with most of its locations in California, Arizona, Hawaii, and Nevada, was impacted by POS malware. Thanks to an alert, the restaurant conducted an investigation, which revealed that some devices were compromised.
The POS malware campaign began on February 13 and continued through September 27. The malware read data from the magnetic stripe of a payment card, which includes the cardholder name, card number, expiration date, and internal verification code. More details, as well as steps you can take, can be found on the Islands restaurants website.
The third business to announce a data breach was Champagne French Bakery Cafe. It was also alerted to POS malware and initiated an investigation, which revealed that malicious software was installed on February 13 and was active through September 27 at various locations.
According to the official statement, eight locations were compromised. The following data from the magnetic stripe of payment cards was exposed: cardholder name, card number, expiration date, and internal verification code.