Wawa Announces Massive Data Breach That Potentially Affected Customers’ Payment Information Across All Their Locations
SARASOTA, Fla. (WWSB) – Bad news if you’ve ever made a purchase at a Wawa store – your payment information may have been exposed.
Wawa CEO Chris Gheysens said on December 10, their information security team discovered malware on their processing servers. It was contained two days later, but the malware affected customer payment information used in all Wawa sites from various times after March 4, 2019 until it was contained.
This means that thousands of Wawa customers could be affected. The company said the information that could have been gathered included credit and debit card numbers, expiration dates and cardholder names on payment cards. It shows debit card PIN numbers, credit card CVV2 numbers (the three or four digit security code printed on the card), other PIN numbers, and driver’s license information used to verify credentials. purchases subject to an age limit have not been affected by this malware.
Gheysens says they believe the malware no longer poses a risk to customers using a charge card at Wawa stores, and that it has never posed a risk to their ATMs.
“I deeply apologize to all of you, our friends and neighbors, for this incident. You are my top priority and vitally important to all of Wawa’s approximately 37,000 associates. We take this special relationship with you and the protection of your information very seriously. I can assure you that throughout this process everyone at Wawa has followed our long standing values and worked quickly and diligently to resolve this issue and keep our customers informed as quickly as possible, ”he said. stated in a press release.
Below is detailed information of the company:
What happened? Based on our investigation to date, we understand that at various times after March 4, 2019, malware began to run on in-store payment processing systems in potentially all Wawa locations. Although dates may vary and some Wawa locations were not affected at all, this malware was present on most store systems around April 22, 2019. Our Information Security team has identified this software malicious on December 10, 2019 and December 12. 2019, they had blocked and contained this malware. We also immediately launched an investigation, briefed law enforcement and payment card agencies, and engaged a leading external forensic firm to support our response efforts. Due to the immediate actions we took after the discovery of this malware, we believe that as of December 12, 2019, this malware no longer poses a risk to customers using payment cards at Wawa.
What information was involved? Based on our investigation to date, this malware has affected payment card information, including credit and debit card numbers, expiration dates, and cardholder names on credit cards. payment used at potentially all Wawa in-store payment terminals and fuel dispensers from various times after March 4, 2019 and ending December 12, 2019. Most locations were affected as of April 22, 2019, however, some locations may not have been affected at all. No other personal information has been accessed by this malware. Debit card PINs, credit card CVV2 numbers (the three or four digit security code printed on the card), other PINs, and driver’s license information used to verify purchases subject to a age limit have not been affected by this malware. If you have not used a payment card at an in-store payment terminal or Wawa fuel dispenser during the relevant period, your information has not been affected by this malware. At this time, we are not aware of any unauthorized use of payment card information as a result of this incident. ATMs in our stores were not involved in this incident.
What we do As soon as we discovered this malware on December 10, 2019, we took immediate action to contain it, and by December 12, 2019, we had blocked and contained it. We believe that this malware no longer poses a risk to customers using payment cards at Wawa. As noted above, we have engaged a leading external forensic firm to conduct an investigation, which has enabled us to provide the information we are now able to share in this letter. We are also working with law enforcement to support their ongoing criminal investigation. We continue to take steps to improve the security of our systems. We have also set up a dedicated toll-free call center (1-844-386-9559) to answer customer questions and offer free credit monitoring and identity theft protection to anyone with information may have been involved, for which you can register. as described below.
To learn how to protect your information, you can also visit here:
Copyright 2019 WWSB. All rights reserved.