MapCo Express issues security notice regarding exposed credit, d - WAFB 9 News Baton Rouge, Louisiana News, Weather, Sports

MapCo Express issues security notice regarding exposed credit, debit cards

Posted: Updated:
Photo Source: WBRC/Dixon Hayes Photo Source: WBRC/Dixon Hayes

If you used a credit or debit card to make a payment within the MAPCO Express, Inc. family of retail fuel and convenience stores, we want to alert you to a payment card information breach that may have exposed your credit or debit card information.  These stores include MAPCO Express®, MAPCO Mart®, East Coast®, Discount Food Mart™, Fast Food and Fuel™, Delta Express®, and Favorite Markets® locations in Tennessee, northern and central Alabama, Arkansas, northern Georgia, Kentucky, northern Mississippi, and Virginia.

Third party hackers used malware to access the payment card processing systems in our stores between March 19-25, April 14-15, and April 20-21, 2013.  These systems transmit certain card information needed for the approval of transactions.  The hackers may have stolen information that could potentially be used to initiate fraudulent credit and debit card transactions.

Although it is not clear if any of your card information was stolen, we wanted to notify you about this criminal activity.  As soon as we learned of the malware, we took steps to disable the malware and further strengthen the security of our payment card processing systems.  We also began working with a nationally-recognized computer forensics investigation firm and the payment card associations to determine exactly what happened and what information may have been compromised.  We are cooperating with federal law enforcement, including the FBI's Joint Cyber Crime Task Force, to find the third party hackers responsible for this crime.  We are providing this notice to you after law enforcement advised that notice would not impede their criminal investigation.

If you suspect that your card information may have been compromised, you should immediately contact your bank, credit union, or credit or debit card company.  In all cases, we advise you to remain vigilant by reviewing your account statements and monitoring your credit reports.  Even though we have implemented internal security controls to contain any data loss, any card information that was already accessed by the hackers could still be used to initiate fraudulent transactions.

Please see the Important Disclosures linked below and  call us for further information and assistance at 1‑877‑297‑2081 Monday through Friday 7 a.m. to 10 p.m. Central Time and on Saturday and Sunday from 8 a.m. to 4 p.m. Central Time.  Please refer back to this site from time to time for updates as we continue our investigation into this crime.

We value your business and take the security of your payment card information very seriously.  We sincerely apologize for any inconvenience this incident may cause you.

Important Disclosures

Credit and Debit Card Accounts

Credit Reports

Fraud Alerts  |  Review Credit Reports  |  Security Freeze  |  Law Enforcement

Frequently Asked Questions

Frequently Asked Questions


Credit and Debit Card Accounts

You should review your most recent credit and debit card account statements and those that you receive for the next 12‑24 months and promptly report any suspicious activity to your card issuer.  You may also wish to review information from the Federal Trade Commission on the steps you can take to protect yourself from identity theft. 

Please visit http://www.consumer.ftc.gov/articles/pdf-0009-taking-charge.pdf.  For information from the Federal Trade Commission on how federal law limits your liability for unauthorized charges, please visit http://www.consumer.ftc.gov/articles/0213-lost-or-stolen-credit-atm-and-debit-cards

 

Fraud Alert and Free Credit Report

We recommend that you obtain a copy of your credit reports from each of the three nationwide consumer reporting agencies and place a fraud alert on your credit files.  A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts.  You may contact any one of the three nationwide credit reporting companies below to place a fraud alert on your files.  We recommend that you contact one of the credit reporting companies by phone or online to find out the specific requirements and expedite this process.  As soon as one credit reporting company confirms your fraud alert, the others are notified to place fraud alerts.  After your fraud alert request, all three credit reporting companies will send you one free credit report for your review.

Equifax

1-800-525-6285
Equifax Website
P. O. Box 105788
Atlanta, GA 30348

Experian

1-888-397-3742
Experian Website
P. O. Box 9554
Allen, TX 75013

TransUnion

1‑800-680-7289
TransUnion Website
P. O. Box 6790
Fullerton, CA 92834-6790

 


Security Freeze

You also have the right to place a security freeze on your credit report.  A security freeze is intended to prevent credit, loans, and services from being approved in your name without your consent.  To place a security freeze on your credit report, you need to contact each of the three nationwide credit reporting companies separately.  The credit reporting company may charge a fee, which varies by state, to place a freeze or lift or remove a freeze; the freeze should be free if you are a victim of identity theft or the spouse of a victim of identity theft, and you have submitted a valid police report relating to the identify theft incident to the credit reporting company.  We recommend that you contact the credit reporting companies, identified above, by phone or online to find out specific requirements and expedite this process.


Review Credit Reports and Annual Free Credit Report

Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically.  Stolen credit and debit card information is sometimes held for future use or shared among a group of thieves at different times.  Checking your credit report periodically can help you spot problems and address them quickly.

You may obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting companies once per year.  This annual free report is in addition to the free report you will receive if you order a fraud alert, as described above.  To order your annual free report, please visit www.annualcreditreport.com, call toll free at 1-877-322-8228, or directly contact the three nationwide credit reporting companies.


Law Enforcement

If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call your local police department and file an identity theft police report.  Get a copy of the report.  Many creditors may want the information contained in the report to absolve you of the fraudulent debts.  You also should file a complaint with the FTC at www.ftc.gov/idtheftor at 1‑877‑ID‑THEFT (877-438-4338).  Your complaint will be added to the FTC's Identity Theft Data Clearinghouse where it will be accessible to law enforcement for their investigations.


Frequently Asked Questions

I believe that I have been impacted by this breach.  What do I do now?

If you suspect that you have been affected by this data breach or have questions regarding suspicious activity on your credit or debit card, please contact your bank, credit union, or credit card company.  We encourage you to monitor your card account statements and credit reports from the three nationwide consumer reporting agencies.  The notice on this website also provides information about how you can obtain a copy of your credit reports and other information about how you can protect yourself from identity theft and prevent fraudulent transactions on your accounts.  Important Disclosures


Is it safe for me to use my credit or debit card at a MAPCO store?

We value your business and strive every day to protect the security of your payment card data.  We have identified and disabled the malware that was used in this incident and have further enhanced our information security controls to combat information security threats.  We are also working with law enforcement, including the FBI's Joint Cyber Crime Task Force, to identify the perpetrators responsible for this crime.


 How did this breach occur and what is MAPCO doing to inform and protect customers?

 We believe that third party hackers were able to remotely install malware on the payment card processing systems used in certain of our retail stores.  This malware may have been active in all of our stores from March 19-25, 2013, in our 1301 Dickerson Road, Goodlettsville, Tennessee and 6624 Charlotte Pike, Nashville, Tennessee stores from April 14-15, 2013 and in certain stores from April 20-21, 2013.  If you used a credit or debit card at these locations during these time periods, your card information may have been compromised.

When we discovered the malware, we took steps to disable the malware and hired a nationally- recognized forensics security investigations firm to determine whether an information breach had occurred, the nature of this malware, and whether payment card information may have been compromised.  We also took steps to further strengthen the security of our payment card processing systems to block information security attacks.   When the investigators identified that certain information may have been compromised, we began to proactively notify our customers by posting information on our website and informing the media in the seven states in which we operate.  We have set up a call center for our customers who may have additional questions.  Please refer to the notice at this website for information about the call center.  Important Disclosures


What is MAPCO doing to catch the perpetrators of this crime?

MAPCO is working with federal law enforcement, including the FBI's Joint Cyber Crime Task Force, to identify those responsible for this information breach. The perpetrators have not yet been identified.


Why was my card information on these payment processing systems and is it still there?

The payment card processing systems in our stores transmit credit and debit card information needed to process card transactions initiated by our customers.  This information is not stored by MAPCO and is only held in these systems for minutes.  We believe the hackers were able to access this card data when the malware was active on the systems.  This malware has been disabled.


How do I know whether the store I went to was impacted by this breach?

The impacted stores are part of the MAPCO Express, Inc. family of retail fuel and convenience stores and include MAPCO Express®, MAPCO Mart®, East Coast®, Discount Food Mart™, Fast Food and Fuel™, Delta Express®, and Favorite Markets® locations in Tennessee, northern and central Alabama, Arkansas, northern Georgia, Kentucky, northern Mississippi, and Virginia.

The hackers accessed the payment processing systems used in all of our stores from March 19-25, in certain stores from April 20-21, 2013, and at 2 stores in Goodlettsville and Nashville, TN from April 14-15, 2013.  If you used your credit or debit card at one of these locations during these time periods, you card data may have been compromised.

You may review a map of our locations at mapcomart.com.


 Why are you notifying me now that this happened?

Our customers are our top priority and maintaining the security of their payment card data is very important to us. Once we verified that there was an information security breach we moved forward to alert our customers and we are working in collaboration with law enforcement, including the FBI's Joint Cyber Crime Task Force, and forensic experts to identify source of this security breach. We do not permanently store your name and address on our payment card processing systems.  Although we do not retain this information, we wanted to proactively reach out to our customers via our website and the media to alert you of this data breach so you can monitor your card accounts and credit reports for suspicious activity.  You can also review the notice at this website for more information about how you can protect yourself from identity theft and prevent fraudulent transactions on your accounts.  Important Disclosures


What information was compromised?

The payment processing systems used in our stores transmit certain basic information required to process your credit or debit card purchase, such as your name and card number.  They do not retain other information, such as your Social Security Number, driver's license number, telephone number, or e-mail address. The hackers may have obtained sufficient information to initiate fraudulent transactions on your account, using your name and card number.  Even if you used a credit or debit card to make a payment at one of our stores during the relevant time periods, we cannot confirm whether or not your information was actually compromised.


If my information was on a hacked payment card processing system, does this mean that I am a victim of identity theft?

The fact that a payment processing system may have been compromised by a hacker does not necessarily mean you are or will become a victim of identity theft or that your information will be used to commit fraud.  We care about our customers and want to let you know about this incident so that you can take appropriate steps to help protect yourself.  We are encouraging all of our customers who made card payments at our stores during certain time periods to diligently monitor their card accounts and credit reports for suspicious activity.  You should promptly notify your bank, credit union, card issuer, or the consumer reporting agencies of any suspicious activities you may discover.  You can also review the notice at this website for more information about how you can protect yourself from identity theft and prevent fraudulent transactions on your accounts.  Important Disclosures


Should I close my credit card account or my bank account tied to my debit card?

Your credit card issuer may suggest that you change your account number.  Your card issuer may provide you with a new card with this new account number.  There were no bank or credit union account numbers on the hacked payment card processing systems, but your bank or credit union may request that you change your account or access numbers.  Please contact your card issuer, bank, or credit union for specific questions about your account.

INFORMATION SOURCE: MapCo Express

Powered by WorldNow