The Wawa convenience store chain is facing a wave of lawsuits over a recent security breach that affected its 850 locations in the US.
Wawa convenience store chain disclosed a payment card breach, its security team discovered a PoS malware on its payment processing systems.
Wawa operates more than 860 convenience retail stores, this breach is potentially one of the biggest card incidents in 2019. The malware affected in-store payments and payments at fuel dispensers, anyway ATM machines were infected.
The malicious code infected the payment systems on December 10 and it was removed on December 12, the incident may have exposed debit and credit card data from thousands of customers.
The PoS malware was planted on Match 4, it began running on in-store payment processing systems at potentially all Wawa locations. The malicious code was designed to collect card numbers, cardholder names, and other data,
The company is not aware of any unauthorized use of credit cards as a result of the payment card breach.
At the time it is not clear how many customers were affected by the incident.
According to the Philadelphia Inquirer, at least six lawsuits seeking class-action status have been filed in federal court in Philadelphia.
“The data breach was the inevitable result of Wawa’s inadequate data security measures and cavalier approach to data security,” said one suit, filed by the law firm Chimicles Schwartz Kriner & Donaldson-Smith, of Haverford.
“Wawa has been hit with a wave of lawsuits claiming the company failed to protect consumers from a massive data breach that exposed their credit and debit card information.” reads the post published by The Inquirer.
According to at least six lawsuits, seeking class-action status, that have been filed in federal court in Philadelphia the company failed to adequately secure its computer systems from hackers who installed malware affecting potentially all of its stores.
The complaints define Wawa’s approach to data security as “cavalier” and “lackadaisical,” The company is accused of negligence and breach of contract. All the suits agree the issue involves more than $5 million.
“Victims of the data breach have had their sensitive card Information compromised, had their privacy rights violated, been exposed to the increased risk of fraud and identify theft, lost control over their personal and financial information, and otherwise have been injured.” adds one suit, filed by the law firm Chimicles Schwartz Kriner & Donaldson-Smith of Haverford.
Wawa is going to offer free credit card monitoring and identity theft prevention services to impacted customers.
The company has hired a forensics firm to conduct an internal investigation, law enforcement are of course investigating the incident.
Wawa has yet to comment on the pending litigation.