Petrol station and stores chain Rutter’s has fallen to a malware attack which compromised its customers’ payment card data.
Rutter’s was first made aware of the breach by a third party that said someone unauthorised had gained access to the payment card data.
As a result of the tipoff, Rutter’s launched an investigation and engaged cybersecurity firms as well as notifying law enforcement.
The investigation unearthed evidence that an unauthorised actor may have accessed payment card data from cards used on point-of-sale devices at some fuel pumps through malware installed on the payment processing systems. The hackers also gained access inside some of the chain’s convenience stores.
The malware searched for track data. This data sometimes has the cardholder’s name in addition to card number, expiration date, and internal verification code. The virus then read from a payment card as it was being routed through the payment processing systems.
Rutter’s stated that only chip-enabled cards that were inserted into the stores’ chip-readers were involved in the incident. The firm estimated that data was stolen between the beginning of October 2018 and the end of May 2019.
Payment card transactions at Rutter’s car washes, ATM’s, and lottery machines in Rutter’s stores were not involved.
Rutter’s now advised customers to check its card statements to ensure there were no odd unauthorised transactions being made through the.
The chain also stated that the malware has been removed and that it has strengthened its cybersecurity defences.
“We regret this incident occurred and sincerely apologize for any inconvenience,” Rutter’s said in a statement. “Our family has been in business for over 273 years in central Pennsylvania and we sincerely appreciate all of our loyal customers through the decades. Our award-winning team is ready to serve our valued customers, as we move forward from this incident.”
Copyright © 2018 RegTech Analyst