Privately held Wawa Inc. said Thursday that malware in its computer systems left customer credit card data exposed for nine months until the breach was discovered earlier this month.

In a letter to customers, Wawa CEO Chris Gheysens said the company “discovered malware on Wawa payment processing servers on Dec. 10, 2019, and contained it by Dec. 12, 2019. This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained.”

Wawa operates a chain of more than 800 convenience stores along the East Coast.

The malware ”affected payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment cards used at potentially all Wawa in-store payment terminals and fuel dispensers,” according to the letter.

The company said it has arranged for credit monitoring firm Experian “to provide potentially impacted customers with one year of identity theft protection and credit monitoring.”

TheStreet Recommends

Cyber security stocks were generally higher on Wall Street on Thursday, with gainers outpacing losers by more than 3 to 1.

Among gainers, F5 Networks  (FFIV) - Get F5 Networks, Inc. Report shares rose $3.34, or 2.38%, to $143.69 while  Proofpoint  (PFPT) - Get Proofpoint, Inc. Report shares rose $2.14, or 1.84%, to $118.24.  

Among decliners, CyberArk  (CYBR) - Get CyberArk Software Ltd. Report shares fell $1.86, or 1.51%, to $121.29 and Mimecast  (MIME) - Get Mimecast Limited Report shares fell 44 cents, or 1.01%, to $43.16.

The ETFMG Prime Cyber Security ETF  (HACK) - Get ETFMG Prime Cyber Security ETF Report rose 28 cents, or 0.68%, to $41.71. 

The First Trust NASDAQ Cybersecurity ETF  (CIBR) - Get First Trust NASDAQ Cybersecurity ETF Report rose 14 cents, or 0.47%, to $30.16.