Wawa, a chain of gas stations and convenience stores located in Florida, Pennsylvania, New Jersey, Delaware, Maryland, Virginia, and Washington, DC, announced a data breach of their customers’ debit and credit cards at “potentially all” Wawa stores.
“I want to reassure anyone impacted they will not be responsible for fraudulent charges related to this incident. To all our friends and neighbors, I apologize deeply for this incident,” said Chris Gheysens, Wawa CEO.
The data breach occurred when malware began running on Wawa payment processing servers at different points in time from March 4, 2019, through December 12, 2019.
According to Wawa, the data breach information is limited to payment card information, including debit and credit card numbers, expiration dates and cardholder names, but does not include PIN numbers or CVV2 numbers.
The ATM cash machines in Wawa stores were not impacted by the data breach.
After discovering the malware, Wawa took immediate steps and believes it no longer poses a risk to customers.
Wawa is supporting its customers by offering identity protection and credit monitoring services at no charge to them.
Wawa has also established resources to answer customers’ questions, including a dedicated call center that can be reached at 1-844-386-9559, Monday – Friday, between 9:00 am and 9:00 pm Eastern Time or Saturday and Sunday between 11:00 am and 8:00 pm, excluding holidays.