**Originally published December 20, 2019. Updated January 28, 2020.**
On December 19, 2019, Facebook came under fire once again, when over 267 million records belonging to the social site were found on an unsecured webpage. This is at least the third time in 2019 that Facebook has been in the news for leaving its users’ data unprotected. The exposed database disclosed names, Facebook IDs, and phone numbers of Facebook users, and was available to cybercriminals for two weeks or more.
On December 20, 2019, reports surfaced that Wawa’s systems had been breached by hackers using malware to capture payment information from transactions made in-store and at gas pumps. The number of customers impacted by the breach at the popular convenience store and gas station retailer has not been disclosed, but the malicious code is expected to have picked up payment details on all transactions occurring across more than 840 Wawa locations between March 4 and December 12, 2019. The hacked Personally Identifiable Information (PII) included credit and debit card numbers, expiration dates, and cardholder names.
**Updated January 28, 2020. A post by KrebsOnSecurity reports more than 30 million credit account records have been posted for sale on the Dark Web. Accounts held at thousands of financial institutions are represented in the breached data listed for sale, which have been linked to purchases made at Wawa locations according to KrebsOnSecurity. A class-action lawsuit has been filed against Wawa related to the POS malware attack.
Data Breaches and Leaks Places Risk on Consumers
Any time payment processing systems are breached, consumers need to take notice. It took Wawa more than nine months to detect the malware in their system. If a credit card number is stolen, it’s only a matter of hours before that number has been sold to someone who will use it fraudulently. Hackers are very sophisticated and even the best-intentioned companies may be breached for a considerable time before it is detected. Customers who have made transactions at Wawa locations this year should watch financial statements for fraudulent charges, monitor credit reports for any unrecognized new account openings, as well as be on alert for possible account takeover scams. With access to your financial information, hackers can make unwarranted purchases, lock you out of your accounts by changing the password, and potentially ruin your credit score.
The type of data included in Facebook’s leak (email, phone number, and account login information) is commonly used for credential stuffing and phishing attacks by cybercriminals once it has been exposed by fraudsters on the Dark Web. It takes just two pieces of PII for a bad actor to commit synthetic identity theft. It is important to safeguard your information by updating your passwords — making sure you do not use the same password on multiple accounts — and turning on two-factor authentication to further protect yourself from account takeover attacks.
Don’t Wait for the Next Data Breach | Get Protected Now
If you suspect your personal information was compromised in Wawa’s data breach or Facebook’s data leak, be vigilant about monitoring your personal and financial accounts.
To truly protect yourself from fraud, sign up for top-rated identity theft protection that monitors all of your accounts and alerts you, in real-time, to any suspicious activity. Not to mention, IdentityForce offers 100 percent, white-glove restoration with up to $1 million in insurance if your identity were to become compromised.