Woman Arrested for Using Fuel Pump Software Flaw to Take $27K in Free Gas

A security oversight that anyone could discover by accident let her get thousands of gallons of free gas.
A Pump & Pantry gas station in Nebraska
Pump & Pantry on Facebook

A Nebraska woman has been arrested after an exploitable flaw at a gas station pump netted her more than $27,000 in free fuel without paying. The security error was so basic it could’ve been discovered by anyone, but she might have pushed her luck too far.

1011 NOW reports that 45-year-old Dawn Thompson of Lincoln, Nebraska is suspected of using the faulty programming to her advantage to pump (and in some cases resell) more than 7,400 gallons of gas. In November 2022, pumps at a local station were updated with software that featured a hidden test mode, which would dispense gas without payment. It was activated by simply swiping a loyalty card twice, which might’ve been how Thompson learned of the feature. It’s also possible she learned about it from the man who gave her the card to settle a debt—though he has since passed away, and is unavailable for questioning.

Thompson used the function to pump gas without paying 510 separate times between November 13, 2022 and June 1, 2023, police believe. She would reportedly swipe multiple times per day on some occasions, and charge others to use her card. In fact, that may be the reason she was even caught in the first place.

After the security hole was patched on June 1, Thompson sold the card. But police tracked down one of her customers, who reportedly said she had been promised “discounted fuel,” and paid $500 for gas that would’ve cost $700 at retail. Between repeated card use, security footage, and a report from the station’s loss prevention manager, Thompson was eventually identified and arrested on March 6. She was charged with one count of theft of more than $5,000.

While it’s easy to think of Thompson as a criminal, it’s possible she was told the card simply had a large balance in gas credit on it. Regardless of intent, she wouldn’t have had the chance if the pump’s programmers hadn’t left a glaring security flaw to begin with. A customer might swipe a loyalty card twice if they thought the first swipe didn’t work, or if they weren’t paying attention. There was a design oversight here, and the gas station should be going after its supplier for negligence.

As for Thompson? Let the lady off the hook. She’s clearly got hustle, so someone offer her a dang job. Maybe she can even fix Boeing if someone gives her the chance.

Got a tip or question for the author? You can reach them here: james@thedrive.com