The malicious code infected the payment systems on December 10 and it was removed on December 12, the incident may have exposed debit and credit card data from thousands of customers.
“Our information security team discovered
“Based on our investigation to date, we understand that at different points in time after March 4, 2019, malware began running on in-store payment processing systems at potentially all Wawa locations,” reads the data breach notice issued by the company.
“Although the dates may vary and some Wawa locations may not have been affected at all, this malware was present on
The company is not aware of any unauthorized use of credit cards as a result of the payment card breach.
At the time it is not clear how many customers were affected by the incident.
The company is notifying customers and offering free credit card monitoring and identity theft prevention services to impacted customers. The company has hired a forensics firm to investigate the incident, it also reported the card breach to the authorities that are currently investigating into the case.
“As soon as we discovered this malware on December 10, 2019, we took immediate steps to contain it, and by December 12, 2019, we had blocked and contained it. We believe this malware no longer poses a risk to customers using payment cards at Wawa.” concludes the note. “As indicated above, we engaged a leading external forensics firm to conduct an investigation, which has allowed us to provide the information that we are now able to share in this letter. We are also working with law enforcement to support their ongoing criminal investigation. We continue to take steps to enhance the security of our systems.”
(SecurityAffairs – Wawa, data breach)