YORK, Pa. (WHTM) — Rutter’s released a statement on its website Thursday saying numerous locations were victim to a data breach that allowed a third-party to access customers’ credit card information from Oct. 1, 2018, until May 29, 2019.
At least 70 locations in Pennsylvania were compromised, as well as one in West Virginia. You can find them here.
The company investigated the situation after receiving a report that customer payment cards were in jeopardy, revealing that in January they discovered it was a result of malware installed on the company’s payment processing system.
That malware impacted both fuel pumps and inside stores, possibly taking a cardholder’s name, card number, expiration date, and internal verification code through swiping the card traditionally, though for chip-enabled cards, numbers and expiration dates only were vulnerable.
The company says payment card transactions at Rutter’s car washes, ATM’s, and lottery machines were not involved.
Rutter’s does not believe any other customer information is susceptible and explicitly noted this data breach is not a result of skimmers on fuel pumps.
The malware has since been removed and the company says “enhanced security measures” have been implemented.