Details of 30 million debit, credit cards of US-based firm WaWa up for sale online

Fraud intelligence company Gemini Advisory on Wednesday (January 29) revealed that credit and debit card information of millions of customers of US-based food and gasoline chain WaWa Inc has been breached and is being sold online.

The breach “ranks among the largest payment card breaches of 2019, and of all time" because it potentially affected 850 stores and 30 million payment records, Gemini Advisory said in a report, reported Bloomberg.

In December 2019, WaWa had announced that payment processors in some of its stores had been breached. According to Gemini,  data from cards used at WaWa is available for sale on online marketplace Joker's Stash. It is to be noted that Joker’s Stash is infamous for buying and selling credit and debit card information.

Gemini Advisory said that data on almost 100,000 cards were dumped online on Monday (January 27), but Joker’s Stash claimed it had data from 30 million cards of WaWa customers. It is expected that more data will be released by Joker’s Stash over the next 12 to 18 months.

WaWa issued a statement saying, "it was aware of reports of criminal attempts to sell come customer payment card information." The company added that it had alerted its payment card processor, payment card brands and card issuers in order to keep the data safe. 

Meanwhile, WaWa has claimed that it had succeeded in containing the breach on December 12, just two days after it was discovered. “We also remain confident that only payment card information was involved, and that no debit card PIN numbers, credit card CVV2 numbers or other personal information were involved," the company had said.