Rutter’s issued a news release on its website Thursday saying that installed malware affected fuel pumps and interior payment systems at stores in Pennsylvania and West Virginia.
The company’s statement says numerous locations were victim of a data breach that allowed a third-party access to customers’ credit cards from Oct. 1, 2018, until May 29, 2019.
At least 70 locations in Pennsylvania and one in West Virginia were compromised. Among the compromised sites listed are stores at 1150 Carlisle Pike north of Carlisle; 1455 York Road in Monroe Township; 714 W. Main St. in Mechanicsburg; 368 Lewisberry Road in New Cumberland; and 1 Airport Road in Shippensburg.
The breach may have compromised credit cardholders’ names, card numbers, expiration dates and internal verification codes.
The company said for customers Rutter’s can identify as having used their card at a location involved during that time and for whom Rutter’s has a mailing address or email address, Rutter’s will mail them a letter or send them an email.
The company says payment card transactions at Rutter’s car washes, ATM’s and lottery machines were not involved.
Rutter’s said it does not believe any other customer information is susceptible and that the data breach is not a result of skimmers on fuel pumps.
The malware has since been removed and the company said “enhanced security measures” have been implemented.
Sign up for our Crime & Courts newsletter
Get the latest in local public safety news with this weekly email.