Cybercriminals were found selling over 30 million credit card records on the dark web, purportedly from a data breach suffered by a U.S.-based gas station and convenience store chain last year.
The sale of the data collection, advertised under the name BIGBADABOOM-III on the dark marketplace Joker’s Stash, comes in the wake of the company’s data security incident disclosure. The breach was caused by a PoS malware attack, which compromised its point-of-sale (PoS) devices and was left undetected for 10 months and was only discovered in December last year. The breach affected 860 convenience stores, of which 600 were also gas stations. The company already alerted the card-issuing institutions about the breach and the online sale.
Source: Trend Micro