[BreachExchange] Wawa data breach: Convenience chain facing lawsuits over security incident at all of its stores

Destry Winant destry at riskbasedsecurity.com
Mon Dec 30 10:22:11 EST 2019


The Wawa convenience store chain is facing a wave of lawsuits over a
data breach that affected its 850 locations along the East Coast.

Wawa discovered malware on its payment processing servers this month
before stopping the breach Dec. 12, the company has said. Officials
with the company, based in Wawa, Pennsylvania, believe the malware had
been collecting card numbers, customer names and other data since as
early as March.

The Philadelphia Inquirer reported Friday that at least six lawsuits
seeking class-action status have been filed in federal court in

“The data breach was the inevitable result of Wawa’s inadequate data
security measures and cavalier approach to data security,” said one
suit, filed by the law firm Chimicles Schwartz Kriner &
Donaldson-Smith, of Haverford.

A Wawa spokesman declined to comment on the pending litigation.

The breach affected all stores, which stretch along the East Coast
from Pennsylvania to Florida. In-store payments and payments at fuel
dispensers were affected, but cash machines were not.

A look back at the retailers lost in a decade of store closingsWhile
indicators are positive for now, the 2020 economy is fragileThe Daily
Money: Subscribe to our newsletterMaking New Year’s resolutions? These
free tech apps can help you

Wawa has said it will offer free credit card monitoring and identity
theft prevention services to anyone whose information might have been

Police are investigating, and the company has also hired a forensics
firm to conduct an internal investigation.

More information about the BreachExchange mailing list