MAPCO Express experiences security breach

MAPCO Express issued a press release today concerning a security breach as well as this notice on their web site:

At MAPCO, we care about our customers and respect their privacy.  We want to alert you that we have experienced a security breach by third-party hackers that may have compromised the credit/debit card information of certain MAPCO customers.  We truly regret any inconvenience this may have caused you and we have implemented further security measures designed to prevent these incidents in the future.

to our Credit and Debit Card Customers

If you used a credit or debit card to make a payment within the MAPCO Express, Inc. family of retail fuel and convenience stores, we want to alert you to a payment card information breach that may have exposed your credit or debit card information.  These stores include MAPCO Express®, MAPCO Mart®, East Coast®, Discount Food Mart™, Fast Food and Fuel™, Delta Express®, and Favorite Markets® locations in Tennessee, northern and central Alabama, Arkansas, northern Georgia, Kentucky, northern Mississippi, and Virginia.

Third party hackers used malware to access the payment card processing systems in our stores between March 19-25, April 14-15, and April 20-21, 2013.  These systems transmit certain card information needed for the approval of transactions.  The hackers may have stolen information that could potentially be used to initiate fraudulent credit and debit card transactions.

Although it is not clear if any of your card information was stolen, we wanted to notify you about this criminal activity.  As soon as we learned of the malware, we took steps to disable the malware and further strengthen the security of our payment card processing systems.  We also began working with a nationally-recognized computer forensics investigation firm and the payment card associations to determine exactly what happened and what information may have been compromised.  We are cooperating with federal law enforcement, including the FBI’s Joint Cyber Crime Task Force, to find the third party hackers responsible for this crime.  We are providing this notice to you after law enforcement advised that notice would not impede their criminal investigation.

If you suspect that your card information may have been compromised, you should immediately contact your bank, credit union, or credit or debit card company.  In all cases, we advise you to remain vigilant by reviewing your account statements and monitoring your credit reports.  Even though we have implemented internal security controls to contain any data loss, any card information that was already accessed by the hackers could still be used to initiate fraudulent transactions.

Please see the Important Disclosures linked below and  call us for further information and assistance at 1‑877‑297‑2081 Monday through Friday 7 a.m. to 10 p.m. Central Time and on Saturday and Sunday from 8 a.m. to 4 p.m. Central Time.  Please refer back to this site from time to time for updates as we continue our investigation into this crime.

We value your business and take the security of your payment card information very seriously.  We sincerely apologize for any inconvenience this incident may cause you.

Important Disclosures
Credit and Debit Card Accounts

Credit Reports
Fraud Alerts  |  Review Credit Reports  |  Security Freeze  |  Law Enforcement

Frequently Asked Questions
Frequently Asked Questions

From the companion FAQ on the breach:

How did this breach occur and what is MAPCO doing to inform and protect customers?
We believe that third party hackers were able to remotely install malware on the payment card processing systems used in certain of our retail stores.  This malware may have been active in all of our stores from March 19-25, 2013, in our 1301 Dickerson Road, Goodlettsville, Tennessee and 6624 Charlotte Pike, Nashville, Tennessee stores from April 14-15, 2013 and in certain stores from April 20-21, 2013.  If you used a credit or debit card at these locations during these time periods, your card information may have been compromised.

[…]

How do I know whether the store I went to was impacted by this breach?
The impacted stores are part of the MAPCO Express, Inc. family of retail fuel and convenience stores and include MAPCO Express®, MAPCO Mart®, East Coast®, Discount Food Mart™, Fast Food and Fuel™, Delta Express®, and Favorite Markets® locations in Tennessee, northern and central Alabama, Arkansas, northern Georgia, Kentucky, northern Mississippi, and Virginia.

The hackers accessed the payment processing systems used in all of our stores from March 19-25, in certain stores from April 20-21, 2013, and at 2 stores in Goodlettsville and Nashville, TN from April 14-15, 2013.  If you used your credit or debit card at one of these locations during these time periods, you card data may have been compromised.

About the author: Dissent

Comments are closed.