In 2019, there was a prime focus on privacy and security, but it wasn't the ideal year for cybersecurity. With a multitude of malware attacks, users' privacy was exposed in one way or the other. By the looks of it, 2020 isn't going to be all that different. Sure, there may be better efforts to combat cybercrime, but the effectiveness of those efforts is what matters in the end.
A major security breach from 2019 has come back to haunt millions of Americans in 2020. Hackers put up for sale the debit and credit card details of more than 30 million Americans and over 1 million records belonging to people from over 100 different countries on the dark web. The breach, which affected 850 stores and 30 million payment records, is labeled one of the biggest payment card breaches of all time.
Card dump
Gemini Advisory, fraud intelligence firm, discovered the massive card dump on Joker's Stash - the largest online marketplace for buying and selling stolen payment information. Hackers had only put up 100,000 card details on the site on Monday while claiming it had 30 million card details of WaWa customers.
According to Gemini Advisory co-founder Adrei Barysevich, hackers are likely to dump additional card data on Joker's Stash over the next 12 to 18 months. The stolen card details are being sold on the site under the name BIGBADABOOM-III. The experts also found that the US-issued cards are being sold for $17 a pop while international cards are selling at a much higher $210 per card rate. Surprisingly, the dumped stash reportedly included CVV2 numbers, which WaWa had claimed was not leaked in the security breach.
The hack
The malware breach was disclosed by WaWa - the popular chain of food and gasoline - in December last year. The company admitted to having affected by a malware attack on its point of sale systems, which then collected card details of customers who used their debit and credit cards at WaWa convenience and gas stations.
The malware went undetected for several months until it was finally discovered and patched. According to WaWa's statement, the malware stole card details from customers from March 4 till December 12, 2019. The security experts compare the scale of WaWa's security breach to Home Depot's 2014 attack, which exposed 50 million customer data and to Target's 2013 breach affecting 40 million customers.
After disclosing the massive security breach, WaWa alerted payment card processor, card brands and issuers to heighten fraud monitoring activities. The company also offered free credit monitoring and identify theft protection to customers.