If you used a debit or credit card at a Wawa convenience store or gas station in 2019, your payment information may have been among the records compromised in a data breach that potentially affected all of the chain’s 850 East Coast stores.
Wawa CEO Chris Gheysens said in a Dec. 19 letter to customers that the company’s information security team discovered malware on the Wawa payment processing servers. The company discovered the intrusion on Dec. 10 but said that the malware had started running on some store systems sometime after March 4, 2019. The malware was present on most store payment processing systems by April 22, 2019.
The data breach exposed customers’ payment card information, including debit and credit card numbers, expiration dates, and cardholder names used in Wawa’s in-store payment terminals and gas station dispensers.
Mr. Gheysens said the data breach was blocked and contained on Dec. 12 and no longer poses a risk to customers. Although Wawa says it is not aware of any unauthorized use of debit and credit card information as a result of the breach, the company urges customers to remain on the lookout for suspicious activity on their payment cards.
The Philadelphia-based chain is offering identity protection and credit monitoring services free of charge for its customers. A Wawa call center and toll-free number, 1-844-386-9559, has also been set up to assist customers. The company says it has hired an external forensics company to investigate the data breach. Law enforcement officials are also investigating the intrusion.
“I want to reassure you that you will not be responsible for any fraudulent charges on your payment cards related to this incident,” Mr. Gheysens said in his letter to customers.
The Wawa data breach adds to the long list of hack jobs that had already made 2019 a banner year for cyber thieves.
According to the Washington Post, the credit reporting company ScoreSense said 5,200 data breaches were reported this year, up by a full third over 2018. These breaches exposed about 8 billion records and affected nearly half of all Americans.
“Companies, especially those entrusted to handle the personal and financial information of millions of customers, must spare no expense in safeguarding their computer systems. A 33 percent rise in the number of U.S. data breaches is unacceptable,” said Beasley Allen lawyer Tyner Helms. “That means millions of U.S. consumers are at real risk of financial harm and identity theft because the security measures at one place they shopped were inadequate.”
Helms and colleague Leslie Pescia handle cases involving fraud for Beasley Allen, including issues involving cybersecurity affecting consumers, the public and employees. If you feel you have a claim of economic loss related to the Wawa data breach or other cybersecurity issues, we would like to talk with you.