Wawa warns of 'data security incident' involving credit and debit card information
Wawa customers who paid with credit or debit cards in the last nine months may have had their card information compromised, the convenience store chain announced Thursday.
In a letter, Wawa CEO Chris Gheysens said the chain's information security team "discovered malware on Wawa payment processing servers" on Dec. 10, "contained" the malware by Dec. 12 and "immediately engaged a leading external forensics firm and notified law enforcement."
"This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained," Gheysens wrote. "At this time, we believe this malware no longer poses a risk to Wawa customers using payment cards at Wawa."
The chain operates more than 850 stores in Delaware, Pennsylvania, Maryland, Virginia, New Jersey, Florida and Washington, D.C.
Replacing cash: Will 2020 mark the start of a decade when Americans finally ditch cash and use digital wallets, credit cards?
Traveling for Christmas?: Burger King offers free Impossible Whoppers for delayed flights
Wawa says the malware did not capture PIN numbers or CVV2 numbers and that ATM machines in stores were not impacted.
The letter said at this time Wawa officials were "not aware of any unauthorized use of any payment card information as a result of this incident."
"At Wawa, the people who come through our doors are not just customers, they are our friends and neighbors, and nothing is more important than honoring and protecting their trust," Gheysens said in the letter. "I want to reassure anyone impacted they will not be responsible for fraudulent charges related to this incident."
Due to the breach, Wawa is offering free identity protection and credit monitoring. Learn more and how to register at www.wawa.com/alerts/data-security.
Contributing: Kelly Tyko, Paste BN
Follow Isabel Hughes on Twitter: @izzihughes_.