What Happened?

On December 19, 2019, Facebook came under fire once again, when over 267 million records belonging to the social site were found on an unsecured webpage. This is at least the third time in 2019 that Facebook has been in the news for leaving its users’ data unprotected. The exposed database disclosed names, Facebook IDs, and phone numbers of Facebook users, and was available to cybercriminals for two weeks or more.

On December 20, 2019, reports surfaced that Wawa’s systems had been breached by hackers using malware to capture payment information from transactions made in-store and at gas pumps. The number of customers impacted by the breach has not been disclosed, but the malicious code is expected to have picked up payment details on all transactions occurring across more than 840 Wawa locations between March 4 and December 12, 2019. This Personally Identifiable Information (PII) includes credit and debit card numbers, expiration dates, and cardholder names.

Should I Be Worried?

Any time payment processing systems are breached, consumers need to take notice. It took Wawa more than 9 months to detect the malware in their system. If a credit card number is stolen, it’s only a matter of hours before that number has been sold to someone who will use it fraudulently. Hackers are very sophisticated and even the best-intentioned companies may be breached for a considerable time before it is detected. Customers who have made transactions at Wawa locations this year should watch financial statements for fraudulent charges, credit reports for any unrecognized new account openings, as well as be on alert for possible account takeover scams. With access to your financial information, hackers can make unwarranted purchases, lock you out of your accounts by changing the password, and potentially ruin your credit score.

The type of data included in Facebook’s leak (email, phone number, and account login information) is commonly used for credential stuffing and phishing attacks by cybercriminals once it has been exposed by fraudsters on the Dark Web. It is important to safeguard your information by updating your passwords, making sure you do not use the same password on multiple accounts, and turn on two-factor authentication to further protect yourself from account takeover attacks.

Five Tips to Stay Protected

  1. Use two-factor authentication. Requiring an additional level of security can often thwart hackers from gaining access.
  2. Invest in a password manager. Having one location to safeguard your hard-to-crack password alleviates the pressure to remember all logins.
  3. Monitor Financial Statements. Read your bank and credit card statements carefully for any suspicious activity, especially small “test” purchases criminals make to ensure they are undetected while using your bank cards. Report all fraudulent charges you do not recognize.
  4. Freeze your credit. By freezing your credit at each of the three credit bureaus you’ll restrict access to your credit report, adding an extra layer of defense against identity thieves.
  5. Enroll in an identity protection service. Make sure you and your family are protected now and into the future.