Wawa hit with malware data breach on payment processings

The convenience and fuel chain doesn’t believe it still poses a threat to customers.

Convenience and fuel chain Wawa announced last week that it notified its customers about a malware on its payment processing servers on 10 December. The incident was contained by 12 December, according to a press release.

Debit and credit card numbers, expiration dates, and cardholder names were impacted by the malware, but debit card PINs, credit card CVV2 numbers, other PINs and driver's license information wouldn’t have been affected.

The malware began running "at different points in time" after March 4 of this year until it was discovered this month. The malware compromised customer payment card information used at "potentially all Wawa locations", according to an open letter to customers from Wawa CEO Chris Gheysens.

The company announced that it will provide identity theft protection and credit monitoring services to customers who wish to enroll, and established a dedicated call center for inquiries related to the incident. "I want to reassure you that you will not be responsible for any fraudulent charges on your payment cards related to this incident," Gheysens wrote in his letter.

Wawa owns stores and fuel stations in many states accross the United States, including Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Washington, D.C. and Florida.