Rutter’s Discloses Malware Attack On Its Payment Infrastructure

In a customer notice, the retail giant explained that its payment system had been hit with malware that stole customers’ information.

Rutter's store chain discloses security breach involving POS malware https://t.co/PP9qtvjyDt

— ZDNET (@ZDNET) February 14, 2020

An Old-Fashioned Card System Bypass

Rutter’s is based out of Central Pennsylvania and is a family-owned retail company that has a history of operation stretching back to the mid-1700s. The firm currently operates a healthy 75-plus location out of Maryland, West Virginia, and Pennsylvania. In the Notice of Payment Card Incident, the firm explained that it had found evidence that payment card details being used on several of its point-of-sale (POS) machines were being stolen by hackers who had installed the malware on their payment processing systems. Both notices explained that the affected stores were located in Pennsylvania and West Virginia. Most of the affected stores had been affected between October 2018 and May 2019, although the timeline for several other stores differs a bit. “There is one location where access to card data may have started August 30, 2018, and nine additional locations where access to card data may have started as early as September 20, 2018,” the release pointed out. The hackers allegedly used the malware to copy details from users’ credit cards, stealing information such as internal verification codes, expiry dates, and card numbers. In some cases, the names of cardholders were also collected. The firm advised that affected users should immediately put a freeze on their credit files to prevent any loans or purchases being made in their name without their consent. Customers who suspect they’ve been affected should also file a complaint with the police and the Federal Trade Commission.

Wawa’s Payment System Fiasco

Credit card theft remains one of the most lucrative ventures for criminals, and locations such as car washes, convenience stores, gas stations, and much more- which could collect a trove of credit card information- are particular targets.

Wawa failed to secure customers’ credit card information and left it vulnerable to a malware attack that lasted from March to December, consumers say in a wave of proposed class actions in federal court in Pennsylvania. https://t.co/DEI2jSFoa6

— Bloomberg Law (@BLaw) December 28, 2019

Last December, Wawa, a chain of gas stations and convenience stores across the U.S., also revealed that it had suffered a security breach that could have affected people who shopped at its locations in months. In a letter sent by the Philadelphia-based company, chief executive Chris Gheysens explained that malware had been installed on the company’s central payment servers since at least March and could have very well spread across its entire payment ecosystem.