"Circle K US Spills Partial Credit Card Details, Among Other Sensitive Data"

A popular chain of convenience stores and gas stations exposed employee and customer information to the public. Circle K owner Couche-Tard runs about 14,000 stores globally, and has sold 12 billion liters of gas during the previous quarter. In the US, there are around 7,000 Circle K stations. The Cybernews research team uncovered an open Circle K US dataset containing partial payment card numbers, customer loyalty card numbers, purchase data, employee email addresses, phone numbers, and zip codes, and other sensitive information, on January 12, 2023. The dataset could facilitate identity theft, financial fraud, and targeted phishing attacks if exploited. The researchers revealed that the company's internal Azure blob storage was accessible to the public. According to the Cybernews team, the Circle K Azure blob was used to store internal data such as point-of-sale (POS) terminal transaction logs, tax data, employee data, and inventory data. Following a responsible disclosure procedure, Cybernews notified the company about the leak, and Circle K resolved the issue. In 2021 alone, over 14,500 convenience stores and nearly 8,000 gas stations were robbed, making them one of the most popular targets for thieves. This article continues to discuss the discovery and potential impact of the Circle K data leak.

Cybernews reports "Circle K US Spills Partial Credit Card Details, Among Other Sensitive Data"