Pilfered Wawa Payment Card Data Now for Sale on Dark Web

The Joker's Stash underground marketplace is offering stolen payment card data from Wawa's recently disclosed data breach.

Dark Reading Staff, Dark Reading

January 29, 2020

1 Min Read
Dark Reading logo in a gray background | Dark Reading

The infamous Joker's Stash market in the Dark Web now is offering stolen payment card data that researchers from Gemini Advisory have identified as from the recent breach at Wawa.

According to Gemini's Stas Alforov and Christopher Thomas, Joker's Stash began stocking the payment card data records on January 27, more than a month after convenience store chain Wawa announced that it had discovered the breach on December 10, 2019. Wawa said payment systems in stores and a gas pumps in possibly all of its locations nationwide could have been affected, starting on March 4, 2019.

"Since the breach may have affected over 850 stores and potentially exposed 30 million sets of payment records, it ranks among the largest payment card breaches of 2019, and of all time," the Gemini analysts wrote in a post today. "It is comparable to Home Depot's 2014 breach exposing 50 million customers' data or to Target's 2013 breach exposing 40 million sets of payment card data."

Read more here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "7 Steps to IoT Security in 2020."

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights