Wawa experienced a security incident caused by malware starting from March 4th on its payment processing servers. The malware impacted payment processed in all Wawa locations.

Wawa founded in 1964, it is an American chain of convenience stores and gas stations located in many places around the United States.


Wawa Security Incident

According to their investigation the malware deployed on the server at different points of time after March 4, 2019, the malware runs on the in-store payment processing systems at all locations.

Wawa security team has detected the malware installation in its payment processing systems on December 10, 2019, and by December 12, 2019. The malware was contained. The company not shared any details about how the malware deployed in the payment processing systems.

The company has notified the law enforcement and payment card companies and engaged with a forensics firm to investigate the incident.

“I want to reassure you that you will not be responsible for any fraudulent charges on your payment cards related to this incident, as described in the detailed information below. Please review this entire letter carefully to learn about the resources Wawa is providing and the steps you should take now to protect your information,” Wawa CEO Chris Gheysens.

What are the Details Exposed

As the malware deployed in the payment processing of Wawa it affects all the customer’s payment card used in the stores.

The details affected include payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment cards.

Also, the company confirms that information such as Debit card PINs, credit card CVV2 numbers, other PINs, and driver’s license information are not affected by the malware.

According to the company, the malware has been contained and investigation in progress and the company notified that they are offering free credit card monitoring and identity theft prevention services to impacted customers.

“I apologize deeply to all of you, our friends and neighbors, for this incident. You are my top priority and are critically important to all of the nearly 37,000 associates at Wawa. We take this special relationship with you and the protection of your information very seriously. I can assure you that throughout this process, everyone at Wawa has followed our longstanding values and has worked quickly and diligently to address this issue and inform our customers as quickly as possible,” Wawa CEO Chris Gheysens.

Also Read

Data Leak – 267 Million Facebook Users Phone Numbers and User IDs Exposed Online

U.S. Based Hospital to Pay $2.175M for Not Reporting the Data Breach of Health Care Data

You can follow us on LinkedinTwitterFacebook for daily Cyber Security and hacking news updates.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.