The CEO of Wawa says they are investigating a data breach that has potentially affected all of their locations.
“I am very sorry to share with you that Wawa has experienced a data security incident. Our information security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019,” said Wawa CEO Chris Gheysens in a letter to customers on Thursday.
This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained last week.
This malware affected payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment cards used at potentially all Wawa in-store payment terminals and fuel dispensers.
On December 10, the company discovered the malware. On December 12, the company says the breach was contained.
“At this time, we believe this malware no longer poses a risk to Wawa customers using payment cards at Wawa, and this malware never posed a risk to our ATM cash machines,” said Gheysens.
It’s unclear how many customers are affected. Customers are being urged to check for unauthorized charges.
Wawa is providing potentially impacted customers with one year of identity theft protection and credit monitoring at no charge.