Credit card details of over 30 million Americans are being sold on the dark web following a massive data breach at convenience chain store Wawa.
Gemini Advisory, a New York-based fraud intelligence firm, revealed that the data was being uploaded to the Joker’s Stash site. The dump has been linked to a Wawa breach, which was discovered in December.
However, the attackers have reportedly been inside the network since last March, uploading malware to Wawa’s servers and abusing a security hole in the company’s in-store payment processing system. According to Gemini Advisory, more than 850 systems have been infected so far.
The stolen card details are now being sold for roughly $17 a piece, and some are bringing in as much as $210.
Wawa said in a statement that it was working closely with federal law enforcement in their ongoing investigation while trying to enhance protections of customer information.
This is one of the largest payment processing breaches in the past decade. It remains to be determined how much Wawa will pay in damages, but some believe the financial blow could be as high as $50 million.