The Pennsylvania and West Virginia convenience store chain Rutter’s was subjected to a POS skimming attack for at least seven months affecting card readers inside some stores and at gas pumps.

Rutter’s was informed of the problem by a third party and on January 14, 2020 a company investigation confirmed a data breach did take place. The general time frame the malware was present ranges from October 1, 2018 through May 29, 2019. One location was hit earlier, starting August 30, and nine others were infected starting on September 20. Rutter’s owns and operates 72 locations.

"Besides the obvious issue with the malware being installed, it is concerning that the malware was in place for almost nine months and was only discovered by being reported by a third party. When handling large amounts of customer data, it is imperative that organizations monitor and test systems to ensure the safety of the data being handled," Erich Kron, security awareness advocate for KnowBe4, told SC Media.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.