Wawa reveals massive credit, debit card data breach at ‘potentially all’ locations

Tim Jimenez
December 20, 2019 - 6:41 am

Courier-Post, file


UPDATED: 1:35 p.m.

PHILADELPHIA (KYW Newsradio) — Wawa experienced a massive data breach that may have affected customers at any of its stores, the convenience store announced Thursday.

The company said there was malware on its payment processing servers. It started affecting stores back on March 4, but it wasn’t discovered until Dec. 10. The incident was contained on Dec. 12.

If you used a credit or debit card at any Wawa location — whether at the cashier or the gas pumps — the company says there’s a chance your card number, name or expiration date were exposed. 

The company noted PIN numbers and security numbers on the back of the cards were not affected. ATMs inside the store were not affected.

Wawa says it has since removed instances of the malware, so customers should be safe from Dec. 12 on. At this point, the company is not aware of any customer’s info being used.

Drexel cybersecurity expert Dr. Rob D'Ovidio said there’s no need to panic, since data breaches are, unfortunately, pretty common. 

“Let's take some positive out of this and change behaviors, because unfortunately, it's not a matter of if this happens to you, it's a matter of when it happens to you,” he said.

On the bright side, D'Ovidio cited research that finds most people whose personal information is caught up in a data breach don’t usually suffer from identity theft.

Still, people should make it a habit to regularly check their bank statements closely.

He said Google Pay or Apple Pay are safe alternatives to swiping your cards. 

“Your credit card and debit card numbers are never transmitted to the merchant when you use those contactless payment systems. So with Google Pay, for example, there's a one-time transaction code that's generated that's only good for that one transaction,” he explained.

Wawa is offering free credit monitoring. The company recommends looking over your credit and debit card statements to see if you were affected and report any fraudulent charges.