Convenience store Wawa recently found malware on the servers it uses to process payments at “potentially all Wawa locations,” according to CEO Chris Gheysens. The malware was discovered on December 10, and in a letter to customers on Thursday, Gheysens noted that it was contained by December 12. Customer payment card information used at Wawa stores between March 4 and December 12 could have been compromised.
The chain is offering customers free identity protection and credit monitoring services, which is a good start. Affected organizations should, at minimum, make sure to offer remediation and protection in the wake of a breach – however, over half of the respondents for 4iQ’s 2019 Identity Protection & Data Breach Survey felt more still needs to be done.
Wawa said that potentially all of its more than 850 locations were affected. The company said it is notifying potentially impacted individuals but did not say how many people may have been subject to the data breaches. Wawa is not aware of any unauthorized uses of payment cards as a result of the data breach.