Since February 2017, several car wash businesses around the U.S. have had customer’s credit card data stolen. The breaches often occurred with a single third-party company, which hosted point-of-sales (POS) terminals. The more recent car wash breach was Yankee Car Wash & Detailing in Dayton, OH. Its point-of-system vendor, DRB Systems LLC, notified car washers about several other breaches that had taken place. Mount Pleasant Wash Wizard in South Carolina had been breached as well as Waterworks Car Wash in Denver. Jon Oppenheimer, owner of Waterworks Car Wash, estimated that 3,000 to 4,000 customers could have been affected. Customer’s shall receive a complimentary year of credit card monitoring. Booz Allen Hamilton’s blog, Cyber4Sight, identified more than 10 car wash companies that had reported breaches since February 2017. California saw a large number of car wash businesses breached: Auto Pride Car Wash, 7 Flags Car Wash & Lube, Westlake Touchless Car Wash, WildWater Express Car Wash, Acme Car Wash, and Clear Water Car Wash. Also, the dwell time between intrusion and detection were between 5 and 18 days.
Cyber4Sight “DRB Systems Apparent Source in Trio of California Car Wash Breaches.” Cyber4Sight, 14 Apr. 2017. https://blog.cyber4sight.com/2017/04/drb-systems-apparent-source-in-trio-of-california-car-wash-breaches/. Accessed 18 May 2017.
Navera, T., “Data breach hitting local car wash follows string of incidents around the country.” 09 May 2017. http://www.bizjournals.com/dayton/news/2017/05/09/data-breach-hitting-local-car-wash-follows-string.html. Accessed 10 May 2017.
Paul, J. “4, 000 Waterworks Car Wash customers credit’s card data at risk after breach.” 14 April 2017. http://www.denverpost.com/2017/04/14/waterworks-customers-credit-card-data-breach/. Accessed 10 May 2017.