Published on January 2nd, 2020 📆 | 6119 Views ⚑0
Wawa Announces Data Breach Potentially Affecting More Than 850 Stores
Wawa, a convenience store and gas station chain, notified customers Thursday of a data breach that collected debit and credit card information at potentially all of its more than 850 locations along the East Coast. It is now offering free credit monitoring and identity theft protection to those affected.
“Today, I am very sorry to share with you that Wawa has experienced a data security incident,” Chris Gheysens, Wawa’s chief executive, said in a letter. Customers will not be responsible for any fraudulent charges on cards related to the data breach, he said.
“I apologize deeply to all of you, our friends and neighbors, for this incident,” Mr. Gheysens added. “You are my top priority and are critically important to all of the nearly 37,000 associates at Wawa.”
Malware was discovered on Wawa payment processing servers on Dec. 10; it was blocked and contained by Dec. 12, the company said, adding that the malware no longer posed a risk to customers using cards to pay.
Customer information including credit and debit card numbers, expiration dates and cardholder names on payment cards used in store and at fuel pumps was being collected as early as March 4, the company said. A.T.M.s inside stores were not affected.
Debit card PINs, credit card security code numbers and driver’s license information were also not part of the breach, the company said, adding that it was not aware of any unauthorized use of any payment card information because of the breach.
“Because of the type of data involved, Wawa does not have sufficient information to determine how many unique individuals’ payment card information may have been involved,” Lori Bruce, a spokeswoman, said in a statement Friday.
After learning of the breach, Wawa initiated an investigation, notified law enforcement and payment card companies, the company said, adding that it had brought on board an external forensics firm for support.
The company, which is based in Pennsylvania, established a dedicated call center to answer questions.
“At Wawa, the people who come through our doors every day are not just customers, we consider them family and nothing is more important than honoring and protecting their trust,” Ms. Bruce said.
It has become increasingly common for data breaches to occur at big companies.
In July, Capital One said that a hacker had compromised the personal information of more than 100 million people, creating one of the largest-ever data breaches from a bank.
In March 2018, Under Armour said it experienced a data breach affecting 150 million accounts on its app MyFitnessPal. Months later, the genealogy site MyHeritage said 92 million users were affected in its data breach, and Timehop, an app that collects old photos and posts from social media, said a breach in July 2018 affected 21 million users.