YORK, Pa. (WHTM) – Rutter’s says it was attacked by malware and customers’ information was compromised. The popular convenience store chain says at least 70 locations were impacted by this data breach between October 2018 and May 2019.
“There’s a whole host of businesses that face these same challenges, and I think it speaks to the need to put in place best practices for everyone to be able to follow,” said
Sen. Kristin Phillips-Hill, the Senate Communications and Technology Committee chair.
Rutter’s, which did not make anyone available for an interview Friday, said the malware attack affects cards used inside at the registers and outside at pumps. Car washes, ATMs and lottery machines were not involved.
The company says cardholder names, card numbers, expiration dates and internal verification codes were compromised.
“We’re always behind when it comes to technology and I think it’s really imperative that government be on the forefront,” said Phillips-Hill.
Phillips-Hill is pushing for change. She wants legislation that would create timelines for people impacted to be notified and provide resources after government data breaches.
After a hearing last month, legislators are now working with stakeholders to get legislation to the House once they’re back in session.
While this wouldn’t necessarily help in the Rutter’s situation, Phillips-Hill is hopeful that if the government puts best practices in place, they would be emulated by every sector.
Meanwhile, Rutter’s is contacting affected customers who it has addresses or emails for.
The company says the malware has been removed, and it has installed enhanced security measures.
Rutter’s wouldn’t tell ABC27 when it found out about the data breach.
“If you do believe that you are a victim, that you have used a credit card at a Rutter’s store, I would cancel that credit card immediately, ” said John Sancenito, the president of Information Network Associates, which helps companies with recovery after data breaches. “If you happened to use your debit card, go to your bank and get a new debit card, and you might want to also start thinking about changing any pin numbers or passwords.”
Sancenito says breaches often are discovered on accident, after going on for long periods of time.
He recommends customers look at their credit report and see if any new credit has been opened in their name. Also, check for fraudulent charges on statements.
“Most of the time what they do is they steal the data and then they sell the data on the dark web to the people who actually commit the fraud,” said Sancenito.
Rutter’s has the locations impacted on its website.