Wawa的数据泄露

Reset the days without a major data breach back to zero.

在不断发展的网络安全世界中, it doesn’t look like the phrase above will ever surpass the 30-day mark. 好像一个月一次, 要么是大型零售商, financial institution or service provider is affected by some sort of data breach. 现在瓦瓦, a popular east coast chain of gas and convenience stores, has taken the spotlight after a breach related to financial data was discovered to be occurring within the organization from as early as March 4. The retailer joins the long list of entities affected by 数据泄露 in the past year: Marriott, Whitepages, 脸谱网, 美国第一金融公司., American Medical Collection Association, Capital One and Adobe.

Details are still unclear on how an attacker was able to operate inconspicuously within Wawa’s environment for more than eight months, but one fact seems to be known: this breach most likely affected all retail/gas locations under Wawa’s purview. 另外, it’s been confirmed from an anonymous source that an external firm was called on to assist Wawa in rectifying the data breach, 但该公司的名字尚未公布.

在施耐德唐斯，我们的 网络安全 team assists a multitude of clients in matters related to 数据泄露, PCI遵从性 安全意识. 只要有漏洞上了头条, 我们想提醒我们的读者, clients and potential clients that there is a long list of items to focus on when it comes to payment card security. 正如我们在整个行业所看到的那样, sensitive cardholder data can be stored – and therefore stolen – from many places, 有些比其他的更明显:

1. Compromised card readers and other supporting infrastructure (e.g.(RAM刮削器)
2. Paper stored in a filing cabinet (the old fashioned way)
3. Cardholder data stored in a payment system database
4. Camera footage recording entry of authentication data
5. Secret tap into the store’s wireless or wired network
6. 客服呼叫中心录音

Based on the limited information we know about the Wawa breach, 项目项1, 3 and 5 were the most likely avenues in which the attacker was able to compromise such a large amount of data. The only good news that come out of this story is that Wawa was able to rectify the issue related to this breach within two days once it was identified. The bad news is, the hackers went unidentified in their systems for over eight months.

这是我们能期待的最好的消息了, 虽然, is no more news from the data breach front as we get through the holiday season. 与此同时, we encourage all readers to monitor their payment statements over the coming months if they’ve purchased anything from Wawa in the last year.

来源:

http://www.cnet.com/news/biggest-data-breaches-of-2019-same-mistakes-different-year/