Wawa Stores, an American chain of convenience stores and gas stations, is the latest victim of a massive financial data breach.
According to Chris Gheysens, Wawa’s CEO, the company discovered a malware payload in its payment processing systems on December 10, 2019. The security team at Wawa had blocked the malware on December 12, 2019, and it’s believed that the malware no longer poses any risk to customers making payments at Wawa stores.
Gheysens said that the malware affected the customers who made payments at Wawa stores and gas stations. However, the company clarified that the store’s ATMs were unaffected.
The number of affected customers is still unknown. It’s said that the incident potentially affected 850 stores, which are located across the East Coast from Pennsylvania to Florida since March 4, 2019.
The exposed financial information includes debit and credit card numbers, expiration dates, and cardholder names. However, PINs and CVV numbers were not exposed. The company also clarified that there is no evidence of any unauthorized use of exposed payment information.
Gheysens stated that they’ve informed law enforcement and payment card companies and appointed an external forensics firm for further investigation. The company also notified the affected users and offered free credit monitoring services. “I want to reassure you that you will not be responsible for any fraudulent charges on your payment cards related to this incident,” Gheysens said.
“We encourage you to remain vigilant by reviewing your payment card account statements. If you believe there is an unauthorized charge on your payment card, please notify the relevant payment card company by calling the number on the back of the card. Under federal law and card company rules, customers who notify their payment card company in a timely manner upon discovering fraudulent charges will not be responsible for those charges,” the company said in a statement.