• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

 | 

Allianz Life data breach exposed the data of most of its 1.4M customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Data Breach
  • Malware
  • Security
  • PoS malware infected systems at 71 locations operated by US store chain Rutter’s

PoS malware infected systems at 71 locations operated by US store chain Rutter’s

Pierluigi Paganini February 14, 2020

US store chain Rutter disclosed a security breach, 71 locations were infected with a point-of-sale (POS) malware used to steal customers’ credit card information.

The Rutter’s, a U.S. convenience store, fast food restaurant, and gas station chain owner, has disclosed a security breach.

The company confirmed that attackers gained access to its stores’ network system and infected payment systems at 71 locations with a point-of-sale (POS) malware.

The US store chain Rutter’s operates more than 75 locations throughout Pennsylvania, Maryland, and West Virginia.

According to a Notice of Payment Card Incident published by the company, attackers have stolen some payment card data from cards used on point-of-sale (POS) devices from convenience stores and fuel pumps. Threat actors planted PoS malware into the payment processing systems that was specifically designed to steal card data.

Rutter’s started the investigation after it has received a report from a third party claiming there may have been unauthorized access to data from payment cards that were used at some Rutter’s locations.  The company hired a cybersecurity firms to assist it into the investigation and notified law enforcement.

“On January 14, 2020, the investigation identified evidence indicating that an unauthorized actor may have accessed payment card data from cards used on point-of-sale (POS) devices at some fuel pumps and inside some of our convenience stores through malware installed on the payment processing systems.” reads the notice issued by the company. “The malware searched for track data (which sometimes has the cardholder name in addition to card number, expiration date, and internal verification code) read from a payment card as it was being routed through the payment processing systems.”

The malware was present with different timeframes for each location, “the general timeframe beginning October 1, 2018 through May 29, 2019.”

Rutter’s

The hackers were able to steal card numbers, expiration dates, and internal verification codes from credit cards used for the payments by the customers, in some cases, the PoS malware was also able to capture the cardholder names.

“However, chip-enabled (EMV) POS terminals are used inside our convenience stores. EMV cards generate a unique code that is validated for each transaction, and the code cannot be reused.” continues the notices.

“As a result, for EMV cards inserted into the chip-reader on the EMV POS devices in our convenience stores, only card number and expiration date (and not the cardholder name or internal verification code) were involved.”

Rutter’s pointed out that the PoS malware involved in the attack didn’t copy payment data from all of the cards used at the affected locations.

Payment systems at Rutter’s car washes, ATM’s, and lottery machines in Rutter’s stores were not infected with the malware.

The company confirmed that the PoC malware has been removed from infected systems, it also announced the implementation of enhanced security measures to prevent similar incidents in the future.

Experts suggest users reviewing their payment card statements for any unauthorized activity. Customers should immediately report any unauthorized charges to their card issuer.

Rutter’s customers should also file a complaint with the Federal Trade Commission and a police report in case of fraud or identity theft.

Rutter’s also set up a dedicated call center at 888-271-9728 for additional questions.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Rutter’s, PoS malware)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

Cybercrime Hacking information security news it security news malware Pierluigi Paganini Security News

you might also like

Pierluigi Paganini July 28, 2025
China-linked group Fire Ant exploits VMware and F5 flaws since early 2025
Read more
Pierluigi Paganini July 27, 2025
Allianz Life data breach exposed the data of most of its 1.4M customers
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

    Hacking / July 28, 2025

    Allianz Life data breach exposed the data of most of its 1.4M customers

    Data Breach / July 27, 2025

    SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

    Malware / July 27, 2025

    Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

    Breaking News / July 27, 2025

    Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

    Cyber Crime / July 26, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT