Skip to Content
© Georgesheldon |
Security & privacy

Identity theft warning: 30 million credit card records for sale on the Dark Web

Security breaches are no fun for anyone except hackers. Data has become so valuable to advertisers and scammers alike that email addresses alone can fetch a hefty price on the shadier parts of the web.

It happens like clockwork: A flaw is discovered in a popular website or platform. Hackers undermine the system and infiltrate it. Then, the stolen data makes its way to a Dark Web marketplace, where anyone with bitcoin can have a go at your info. Tap or click here to see how 21 million stolen logins were sold this way.

But don’t think this phenomenon is rare. In fact, its happening right now. A serious breach from 2019 led to hundreds of thousands of customers’ payment information getting stolen, and the data is now up for grabs on the Dark Web. If you were affected by this data breach last year, you need to call your bank now.

What’s wrong with Wawa?

In April of 2019, hackers successfully breached the payment processing systems of the popular gas station chain Wawa. As a result, hundreds of thousands of customers were impacted, and potentially had their financial data pilfered. Tap or click here to learn more about this massive security breach.

Using malware that lingered on Wawa’s systems for almost 9 months, the hackers stole a trove of valuable financial information, including the following critical data:

  • Credit and debit card numbers
  • Expiration dates
  • Cardholder names

Until now, it was unknown whether the information had been distributed beyond the initial hack. Unfortunately, reports from ZDNet have confirmed that not only is the stolen data for sale on the Dark Web right now, but the breach was even bigger than previously believed.

According to the reports, more than 30 million records from Americans and foreign visitors alike are available to purchase from Dark Web marketplace Joker’s Stash. This makes the breach one of the largest of all time.

Selling data for peanuts

You might think stolen credit cards are expensive, but you’d be wrong. Joker’s Stash is offering each stolen profile for an average of only $17. What a steal — literally!

International accounts are more expensive at about $210 a pop. This is likely due to the fact that foreign Dark Web shoppers will have an easier time using this information.

In a bit of a silver lining, Wawa confirmed “only” payment card information was affected, and “no debit card PIN numbers, credit card CVV2 numbers or other personal information were involved.”

In short, this means that your best hope for your card not to be misused is a merchant that asks for CVV2s. Not all of them do this, so you may want to think about contacting your banks before it’s too late.

Was I affected? What can I do?

If you used a debit or credit card at any Wawa location between March and Dec. 10, 2019, you’re likely among the millions of stolen accounts up for sale. If there is a chance your credit card data is part of this breach, here are the security steps you need to take:

  • Protect your identity – Wawa and Experian have teamed up to offer impacted customers one year of free identity theft protection and credit monitoring at no charge. To enroll, visit the Experian IdentityWorks website. You’ll need to provide the following activation code: 4H2H3T9H6. Or, you can call Experian’s customer care team at 1-844-386-9559. (Monday – Friday between 9 a.m. and 9 p.m. Eastern, or Saturday between 11 a.m. and 8 p.m.) They’ll ask for the same code, so keep it handy.
  • Check your bank card statements – This is crucial. If you see any suspicious activity, immediately report it to your bank. Federal law and credit card rules state customers who notify their card company in a timely manner upon discovering fraudulent charges will not be responsible for them.
  • Look over your credit report – If you enroll in the Experian service, you’ll have access to any activity on your credit report. Also, under U.S. law you are entitled to one free credit report annually from each of the three consumer reporting agencies. Tap or click here to learn how to get one for yourself.

As sad as this breach is, it’s yet another sign that the institutions we depend on for security can only do so much. The hackers may be winning the war, but you can win your own battles if you take the right steps. Tap or click here to learn some of the safest ways to pay online.

Bonus: Happy ‘Change Your Password’ Day! Plus, an exclusive deal on identity protection

Have you heard? February 1 is celebrated online as the official day to change your password to something stronger and more secure. While not an “official” tradition in the national sense, tech writers proposed this day back in 2012 in an effort to remind folks that their accounts are only as safe as the locks they put on them.

If you have an easy password on any of your accounts, its time to throw convenience out the window for the sake of security. We’ll show you how to build stronger passwords for any platform or website you use. Tap or click here to find out how to create stronger passwords.

In addition to changing your password, a robust ID monitoring service can help you catch anyone misusing your information red-handed. Our sponsor Identity Guard includes an array of advanced monitoring technology in every subscription, including IBM Watson AI, credit reports and bank account tracking. It even keeps tabs on well-known darkweb marketplaces for signs of malicious activity.

Get up to 33% off for Kim’s audience only, with plans starting at less than $7 a month at

Ask me your digital question!

Navigating the digital world can be intimidating and sometimes downright daunting. Let me help! Reach out today to ask your digital question. You might even be on my show!

Ask Me