Convenience store chain Wawa disclosed a malware incident that might have exposed some of its customers’ payment card details.
In a “Notice of Data Breach” published on December 19, 2019, Wawa CEO Chris Gheysens revealed that the company’s information security teams had discovered malware on some of its payment processing systems earlier in the month.
The security team successfully contained the malware on December 12, 2019. Even so, an analysis of the infection revealed that the malware could have affected customers’ payment card details used at potentially all Wawa locations between March 4, 2019 and the date of its containment.
Upon discovering the infection, the convenience store chain enlisted the help of a digital forensics firm to conduct an investigation into what happened. This effort helped uncover the findings shared above.
Wawa also notified law enforcement, took steps to improve the security of its systems going forward, set up a toll-free hotline for customers, and offered credit monitoring and identity theft protection without charge to affected individuals.
Gheysens explained that the company took these steps out of its commitment to its customers. As quoted in a statement posted on PR Newswire:
“At Wawa, the people who come through our doors are not just customers, they are our friends and neighbors, and nothing is more important than honoring and protecting their trust. Once we discovered this malware, we immediately took steps to contain it and launched a forensics investigation so that we could share meaningful information with our customers. I want to reassure anyone impacted they will not be responsible for fraudulent charges related to this incident. To all our friends and neighbors, I apologize deeply for this incident.”
In addition to signing up for the offered identity protection services, Wawa customers should make a point of reviewing their payment card statements for suspicious transactions and placing a fraud alert or security freeze on their credit files.