A data breach based on malware in the payment system of iconic east coast convenience store chain Wawa that struck “potentially all” of its locations may have compromised the payment details of a large number of customers. Company leadership apologized to customers for the breach in a letter over the weekend.
According to a local news report, Wawa, the popular convenience store and gas station chain with 842 stores primarily located on the east coast, experienced a massive data breach earlier this month. The breach, which took place between December 10 and 12, struck all the chain’s locations according to the company and potentially compromised the private information of untold thousands of Wawa customers.
In a letter to customers published on the Wawa website, CEO Chris Gheysens said that the company’s IT staff discovered malware on the payment processing server. Gheysens went on to state that the malware may affect all 842 Wawa locations.
At Wawa, the people who come through our doors every day are not just customers, you are our friends and neighbors, and nothing is more important than honoring and protecting your trust. Today, I am very sorry to share with you that Wawa has experienced a data security incident. Our information security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019. This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained. At this time, we believe this malware no longer poses a risk to Wawa customers using payment cards at Wawa, and this malware never posed a risk to our ATM cash machines.
It is not exactly clear at this point how many Wawa customers were affected by the breach. Every day, thousands of customers stop at Wawa locations for gas or food items at their local store.
“I can assure you that throughout this process, everyone at Wawa has followed our longstanding values and has worked quickly and diligently to address this issue and inform our customers as quickly as possible,” Gheysens added in the letter.
This certainly isn’t the first high-profile consumer data breach of the year. Breitbart News reported in September that food delivery service DoorDash experienced a data breach that affected 4.9 million customers and workers.
Stay tuned to Breitbart News for more updates on this story.