Card details of US Wawa customers are being sold for just $17 online

Defexpo 2020 Special

Hackers have put the payment card details of more than 30 milion Americans and over one million foreigners up for sale on the Internet's largest carding fraud forum, Joker's Stash. The latest "card dump" was listed under the name BIGBADABOOM-III on Joker's Stash but security experts at Gemini Advisory have traced the stolen card data back to the US East Coast convenience store chain Wawa.

Back in December, Wawa disclosed a major security breach in which the company admitted that hackers had planted malware on its point-of-sale (POS) systems. According to the company, the malware collected the card details for all of its customers who used either credit or debit cards to buy goods or gasoline at all of its 860 convenience store locations.

To make matters worse, the malware operated for months between March and December of last year before it was finally removed from Wawa's systems.