Satoshi Nakamoto Blog
Image default

Rutter’s store chain discloses security breach involving POS malware

Rutter’s Leola location

Image via Google Street View

US store chain Rutter’s disclosed a security breach today. The company says hackers gained access to its stores’ network system and planted malware that collected payment card details as they were being processed.

Stores in Pennsylvania and West Virginia were impacted, Rutter’s said today in a press release and a notice posted on its website.

For most locations, the malware was present between October 1, 2018 through May 29, 2019, however, for some stores, the infection timeline is different. See this page for details about the infection timeline of Rutter’s stores.

Rutter’s said the malware collected data from payment cards swiped through point-of-sale (POS) devices installed inside convenience stores and some of its fuel pumps.

In most cases, the malware is believed to have collected for the user’s name, card number, expiration date, and internal verification code. For users who paid with cards at an EMV-capable POS device, Rutter’s said it believes the malware collected only the card number and expiration date.

The store chain said that payment card transactions at Rutter’s car washes, ATMs, and lottery machines were not impacted.

Rutter’s learned of the breach from a third-party

Rutter’s said it learned about the incident following “a report from a third party.” It didn’t say when it learned of the malware infection, but that the investigation into the incident concluded a month ago, on January 13, 2020.

The store chain said it removed the malware from its payment systems, reported the incident to law enforcement, and is now notifying impacted customers.

In December 2019, payments processor VISA published a security alert about multiple incidents involving POS malware at gas pumps across North America.

It is unclear if Rutter’s was one of the companies mentioned in the VISA alert. Wawa, another US convenience store that operates gas pumps, disclosed a POS malware incident. Wawa’s data ended up for sale online, on a dark web carding shop, and is considered one of the biggest card data dumps to date.

Rutter’s operates convenience stores and gas stations across more than 70 locations in Pennsylvania, West Virginia, and Maryland.

Source link

Related posts

Jennifer Lopez And Alex Rodriguez Announce Engagement With Massive Ring


Nvidia Tesla M40 Deep Learning Training Graphics Accelerator GPU


ICON ChainLink Partnership Bringing Real World Data to Blockchain – Product Release & Updates


Using neutrons and X-rays to analyze the aging of lithium batteries


These Dynaudio Xeo 2 wireless speakers are fit for an audiophile and are now 54% off


Crowdsourced Security & the Gig Economy