Wawa Data Breach Exposed Customers’ Credit Card Information for Nine Months

Malware potentially affected all of the convenience store operator’s more than 800 locations.
Author:
Publish date:

Privately held Wawa Inc. said Thursday that malware in its computer systems left customer credit card data exposed for nine months until the breach was discovered earlier this month.

In a letter to customers, Wawa CEO Chris Gheysens said the company “discovered malware on Wawa payment processing servers on Dec. 10, 2019, and contained it by Dec. 12, 2019. This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained.”

Wawa operates a chain of more than 800 convenience stores along the East Coast.

The malware ”affected payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment cards used at potentially all Wawa in-store payment terminals and fuel dispensers,” according to the letter.

The company said it has arranged for credit monitoring firm Experian “to provide potentially impacted customers with one year of identity theft protection and credit monitoring.”

Cyber security stocks were generally higher on Wall Street on Thursday, with gainers outpacing losers by more than 3 to 1.

Among gainers, F5 Networks  (FFIV) - Get Report shares rose $3.34, or 2.38%, to $143.69 while  Proofpoint  (PFPT) - Get Report shares rose $2.14, or 1.84%, to $118.24.  

Among decliners, CyberArk  (CYBR) - Get Report shares fell $1.86, or 1.51%, to $121.29 and Mimecast  (MIME) - Get Report shares fell 44 cents, or 1.01%, to $43.16.

The ETFMG Prime Cyber Security ETF  (HACK) - Get Report rose 28 cents, or 0.68%, to $41.71. 

The First Trust NASDAQ Cybersecurity ETF  (CIBR) - Get Report rose 14 cents, or 0.47%, to $30.16.