Convenience and petrol store, Wawa, has given notification to potentially impacted individuals about a data security incident that affected customer payment card information used at potentially all Wawa locations during a specific timeframe.
Based on the investigation to date, the information is limited to payment card information, including debit and credit card numbers, expiration dates and cardholder names, but does not include PIN numbers or CVV2 numbers.
The ATM cash machines in Wawa stores were not impacted by this incident. Currently Wawa claims it is not aware of any unauthorized use of any payment card information as a result of this incident.
Wawa’s information security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019. After discovering this malware, Wawa says it engaged a leading external forensics firm and notified law enforcement. Based on Wawa’s forensic investigation, it is now understood that the malware began running at different points in time after March 4, 2019.
“At Wawa, the people who come through our doors are not just customers, they are our friends and neighbors, and nothing is more important than honoring and protecting their trust,” said Chris Gheysens, Wawa CEO.
“Once we discovered this malware, we immediately took steps to contain it and launched a forensics investigation so that we could share meaningful information with our customers. I want to reassure anyone impacted they will not be responsible for fraudulent charges related to this incident. To all our friends and neighbors, I apologize deeply for this incident.”
Wawa is supporting its customers by offering identity protection and credit monitoring services at no charge to them. Information about how to enroll can be found on the Wawa website below. Wawa has also established resources to answer customers’ questions, including a dedicated call center that can be reached at 1-844-386-9559, Monday – Friday, between 9:00 am and 9:00 pm Eastern Time or Saturday and Sunday between 11:00 am and 8:00 pm, excluding holidays.
Wawa has also posted information on its website, www.wawa.com, including a letter from Wawa’s CEO and more details for impacted customers.
The post #Privacy: US convenience store, Wawa announces data breach appeared first on PrivSec Report.