MAPCO Express Acting Quickly to Fix Security Breach

Working with law enforcement, tech firms, customers to solve, resolve credit/debit attack

Published in CSP Daily News

BRENTWOOD, Tenn. -- MAPCO Express Inc. is working with the FBI, computer forensics investigation firms, payment card associations and especially its customers to investigate the cause of and to identify the source of a security breach by third-party hackers that may have compromised the credit/debit card information of certain MAPCO customers.

"Our first concern is our customers," said Tony Miller, vice president of operations of MAPCO. "We regret any inconvenience this criminal act by hackers may have caused and are enhancing our information security efforts to combat future information security threats. Through our internal investigation and collaboration with forensics security firms, we have disabled the malware that was used in this incident while establishing additional safeguards designed to prevent this from happening in the future."

As reported in a Raymond James/CSP Daily News Flash on Monday, the incident involves credit-card and debit-card payments for transactions at MAPCO locations between March 19-25, April 14-15 and April 20-21.

Upon discovering the issue, MAPCO took immediate steps to investigate the incident and further strengthened the security of its payment card processing systems to block future information security attacks.

MAPCO is working with nationally recognized computer forensics investigation firms and the payment card associations to determine what happened and the extent of the information that may have been compromised. MAPCO is also working with law enforcement, including the FBI's Joint Cyber Crime Task Force, to identify the perpetrator.

MAPCO is notifying potentially affected customers because information may have been stolen that can be used to initiate fraudulent credit-card and debit-card transactions. It is advising customers who suspect that their card information may have been compromised to immediately contact their bank, credit union or credit-card or debit-card company and diligently monitor account activity and credit reports.

The company is also directing customers to www.mapcoexpress.com/security-alert-notification for more information on important steps to take if they believe they have been affected, and customers with questions may call a special help line that has been set up by MAPCO for additional customer support at (877) 297-2081.

Attendees at The Tech Event, the combined NACStech and PCATS meetings going on now in Dallas, were abuzz about the security breach. And Shekar Swamy, president of data security assessment firm Omega ATC, Ellisville, MO., told CSP Daily News, "The convenience store industry is ripe for more of this type of hacking attack. There's a perception that [retailers] don't have to do a lot beyond what they are doing today, beyond what an oil company tells them. The chances for breaches are greater in c-stores because of the complicated nature of our systems. My concern is with chains having 50 or more locations, because they are desirable targets, and many of them have gaps in their security [protocols] that need to be plugged."

[For more on The Tech Event, check out CSP senior editor Angel Abcede's Mobile 2 Go blog on CSPnet.com.]

MAPCO Express is a wholly owned subsidiary of Delek US Holdings Inc. Based in Brentwood, Tenn., MAPCO operates convenience stores in seven states under the MAPCO Express, MAPCO Mart, East Coast, Discount Food Mart, Fast Food & Fuel, Delta Express and Favorite Markets brand names.