The payment card details of more than 30 million Americans, believed to have been stolen in a data breach at convenience store chain Wawa, have been put up for sale on the dark web.
Earlier this week, carding forum Joker's Stash put up the details of cards issued by thousands of banks across the US. The batch, called BIGBADABOOM-III, is from the Wawa breach, according to security experts at Gemini Advisory.
Wawa revealed in December that malware had been installed on its point-of-sale systems nine months earlier, affecting all of its 860 convenience stores, 600 of which are also gas stations. The stolen data includes card numbers, expiration dates, and cardholder names.
According to Gemeni, the Joker's Stash dump involved more than 30 million cards from more than 40 US states. Cards are being sold for about $17 a piece.
Wawa says that it is aware the card data has surfaced and that it has alerted its payment processor, card brands, and issuers to "heighten fraud monitoring activities".