Privately held Wawa Inc. said Thursday that malware in its computer systems left customer credit card data exposed for nine months until the breach was discovered earlier this month.
In a letter to customers, Wawa CEO Chris Gheysens said the company “discovered malware on Wawa payment processing servers on Dec. 10, 2019, and contained it by Dec. 12, 2019. This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained.”
Wawa operates a chain of more than 800 convenience stores along the East Coast.
The malware ”affected payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment cards used at potentially all Wawa in-store payment terminals and fuel dispensers,” according to the letter.
The company said it has arranged for credit monitoring firm Experian “to provide potentially impacted customers with one year of identity theft protection and credit monitoring.”
Cyber security stocks were generally higher on Wall Street on Thursday, with gainers outpacing losers by more than 3 to 1.
Among decliners, CyberArk (CYBR) - Get CyberArk Software Ltd. Report shares fell $1.86, or 1.51%, to $121.29 and Mimecast (MIME) - Get Mimecast Limited Report shares fell 44 cents, or 1.01%, to $43.16.