Both Gemini Advisory and KrebsOnSecurity caught this one quickly. From Gemini Advisory:
Joker’s Stash began uploading records as advertised on January 27. The breach was titled “BIGBADABOOM-III” and appeared in four different bases. The records included the state geolocation information, but not the city or ZIP Code as previously announced. The listed geolocation data for added records ranged across 40 states. However, much of this data appeared to be falsified, and only six states appeared to be genuinely affected.
Read more on Gemini Advisory, who have a frequency distribution of payment cards by state. Read also Brian Krebs’ coverage, which includes discussion of Gemini Advisory’s findings.