Circle K data leak: sensitive customer information exposed
Circle K, a popular convenience store and gas station operator, has spilled sensitive information about its clients and employees.
Circle K, operating around 7,000 branded stores in the US, left a dataset with tons of sensitive information accessible to the public: partial payment card numbers, full customer loyalty card numbers, purchase data, employee email addresses, phone numbers, and zip codes were exposed.
The discovery was made by Cybernews, a research-based online publication. Researchers claim that the dataset could lead to identity theft, financial fraud, and targeted phishing campaigns, among other criminal activities, if exploited.
Circle K immediately fixed the issue yet hasn’t responded to requests for more information.
According to Cybernews researchers, Circle K leaky dataset contained partial credit card numbers and full loyalty card numbers, as well as detailed information about purchases.
“The leaked information could provide threat actors with access to customer location and spending habits, and even allow for guessing payment details, which would naturally lead to financial loss,” the research reads.
Sensitive employee data, including full names, personal email addresses, phone numbers, and ZIP codes, among other sensitive information, was in the exposed dataset.