It's unclear from MAPCO's disclosure whether the attack came via payment card skimming devices, but the company did say it had "disabled the malware" used in the attack, which is currently under investigation by the FBI.
"Our first concern is our customers," said Tony Miller, vice president of operations at MAPCO. "We regret any inconvenience this criminal act by hackers may have caused and are enhancing our information security efforts to combat future information security threats. Through our internal investigation and collaboration with forensics security firms, we have disabled the malware that was used in this incident while establishing additional safeguards designed to prevent this from happening in the future."
MAPCO says the attack affects debit and credit-card payments made at its stores between March 19 and 25, April 14 and 15, and April 20 and 21.
The company has hired "nationally recognized computer forensics investigation firms" to help handle the investigation, and to determine how much data was affected, it says.
MAPCO has advised its customers who think they may be at risk to contact their banks or payment card firms and begin monitoring account activity. They can also call MAPCO at 877-297-2081 for addition support, and visit this Web page for more information on the breach.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.