Malware

30 Million Credit Data Available for Sale in Dark Web – Wawa Massive Payment Card Breach

Wawa data breach was disclosed by the end of the last December, according to a company statement the malware om their payment system for more than nine months.

Wawa is an American chain of convenience stores and gas stations located in many places around the United States, founded in 1964.

The malware deployed on their server by March 4, 2019, and it was detected by the Wawa security team on December 10, 2019.

Data in Dark Web – Wawa Breach

On Jan. 27, Cybercriminals started selling the stolen credit cards on the popular fraud bazaar dubbed Joker’s Stash that includes 30 million cards collected across the U.S.

Some sources told KrebsOnSecurity that the cards present with the sale dubbed “BIGBADABOOM-III” maps to the card’s stolen in Wawa Breach.

Wawa said that they aware of the criminal attempts of selling the payment card information involved in the Data Security Incident announced by Wawa on December 19, 2019.

“We have alerted our payment card processor, payment card brands, and card issuers to heighten fraud monitoring activities to help further protect any customer information.”

Gemini Advisory, a New York-based fraud intelligence company said that point of compromise for BIGBADABOOM-III is Wawa, the price for domestic cards in $17 and for international cards $210.

Gemini observed that “BIGBADABOOM-III” has more than 100,000 records, the majority of the cards linked to US banks and US-based cardholders.

Wawa confirms that “that only payment card information was involved, and that no debit card PINs, credit card CVV2 numbers or other personal information were involved. This incident did not impact ATM transactions.”

In the Wawa breach, it affects over 850 stores and it exposed more than 30 million sets of payment records, it is one of the major payment card breaches of 2019.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

REF7707 Hackers Attacking Windows & Linux Machines Using FINALDRAFT Malware

A sophisticated hacking campaign has been unveiled recently by Elastic Security Labs, dubbed "REF7707," which…

50 minutes ago

New Device Code Phishing Attack Exploit Device Code Authentication To Capture Authentication Tokens

A sophisticated phishing campaign, identified by Microsoft Threat Intelligence, has been exploiting a technique known…

3 hours ago

RedMike Hackers Exploited 1000+ Cisco Devices to Gain Admin Access

Researchers observed a sophisticated cyber-espionage campaign led by the Chinese state-sponsored group known as "Salt…

4 hours ago

AMD Ryzen DLL Hijacking Vulnerability Let Attackers Execute Arbitrary Code

A high-severity security vulnerability, identified as CVE-2024-21966, has been discovered in the AMD Ryzen™ Master…

5 hours ago

PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

Researchers have uncovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting PostgreSQL’s interactive terminal tool, psql. …

5 hours ago

WinZip Vulnerability Let Remote Attackers Execute Arbitrary Code

A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute…

9 hours ago