The letter explains that the security team found malware on Wawa payment processing servers in December, whereas the data security incident affected customer payment card information, such as credit and debit card numbers, expiration dates, and cardholder names on payment cards, used at potentially all Wawa locations beginning at different points in time after 4 March 2019 until December.
The company mentioned that their customers would not be responsible for fraudulent charges on their payment cards related to this incident. In addition, Wawa’s information security team identified the malware on 10 December, and by 12 December they had blocked and contained this malware. The company also initiated an investigation, notified law enforcement and payment card companies, and engaged an external forensics company to support the response efforts.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now