A data breach compromised personal credit card information at eight local Rutter’s convenience stores for eight months in 2018-19. The information came to light after Rutter’s announced Thursday that it had experienced a major breach in its credit card payment system.
- 1391 S. Main St., Chambersburg
- 637 Lincoln Way East, Fayetteville
- 4030 Lincoln Way East, Fayetteville
- 378 North Main St., Mercersburg
- 1 Airport Road, Shippensburg
- 448 Lincoln Way West, St. Thomas
- 141 S. Potomac St., Waynesboro
- 7438 Anthony Highway, Waynesboro
The breach involved cards used between Oct. 1, 2018 and May 29, 2019 at all of the stores except Chambersburg’s Rutter’s. The breach started Sept. 26, 2018 at the Chambersburg store.
The company said an unauthorized user infected the system using malware to collect data from payment cards swiped through point-of-sale (POS) devices installed inside convenience stores and at fuel pumps.
Cards used at Rutter’s car washes, ATM’s, and lottery machines in Rutter’s stores were not affected by the breach.
Information collected by the breach included the user’s name, card number, expiration date, and internal verification code. Rutter’s believes the malware collected only the card number and expiration date on cards used at EMV-capable POS devices.
According to the press release, Rutter’s removed the malware from its payment systems, reported the breach to law enforcement, and is now notifying impacted customers.
The company’s news release said it was first alerted to the breach by a third party. It immediately launched an investigation with the help of cyber security firms.
Rutter’s operates convenience stores and gas stations across more than 70 locations in Pennsylvania, West Virginia, and Maryland.