Wawa announced a large-scale malware compromise breaching payment cards processed at the pump or inside between March 4 and December 12, 2019, also admitting that the company “does not have sufficient information to determine” how many payment cards were exposed. The gas station and convenience store has more than 850 locations along the east coast with $10.6 billion in annual revenue.
Wawa identified malware on December 10 that compromised payment card numbers along with expiration dates and cardholder names for all transactions, whether they occurred at the pump or in-store. Card security codes were not included in the breach. The malware could have been present as far back as March and is believed to have impacted all locations.
Wawa is now offering free credit monitoring and identity theft protection to all impacted customers. Their CEO issued a written apology noting that customers “will not be responsible for any fraudulent charges on cards related to the data breach.” Of course that fraud liability protection is provided by the card issuing bank, and represents a fraud loss an innocent merchant will likely incur from a fraudster using the payment card information intercepted from Wawa.
For More Information: