Click for Original Story (WPVI-TV)
PHILADELPHIA (WPVI) — The CEO of Wawa says they are investigating a data breach that has potentially affected all of their locations.
“I am very sorry to share with you that Wawa has experienced a data security incident. Our information security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019,” said Wawa CEO Chris Gheysens in a letter to customers on Thursday.
This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained last week.
This malware affected payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment cards used at potentially all Wawa in-store payment terminals and fuel dispensers.
Consumer Reports: Protecting yourself from identity theft
On December 10, the company discovered the malware. On December 12, the company says the breach was contained.
“At this time, we believe this malware no longer poses a risk to Wawa customers using payment cards at Wawa, and this malware never posed a risk to our ATM cash machines,” said Gheysens.
It’s unclear how many customers are affected. Customers are being urged to check for unauthorized charges.
How to get a check and credit monitoring
Wawa is providing potentially impacted customers with one year of identity theft protection and credit monitoring at no charge.
Stay with Action News as we continue to follow this developing story.
READ THE CEO’S FULL LETTER BELOW:
Dear Wawa Customers,
At Wawa, the people who come through our doors every day are not just customers, you are our friends and neighbors, and nothing is more important than honoring and protecting your trust. Today, I am very sorry to share with you that Wawa has experienced a data security incident. Our information security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019. This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained. At this time, we believe this malware no longer poses a risk to Wawa customers using payment cards at Wawa, and this malware never posed a risk to our ATM cash machines.
I want to reassure you that you will not be responsible for any fraudulent charges on your payment cards related to this incident, as described in the detailed information below. Please review this entire letter carefully to learn about the resources Wawa is providing and the steps you should take now to protect your information.
I apologize deeply to all of you, our friends and neighbors, for this incident. You are my top priority and are critically important to all of the nearly 37,000 associates at Wawa. We take this special relationship with you and the protection of your information very seriously. I can assure you that throughout this process, everyone at Wawa has followed our longstanding values and has worked quickly and diligently to address this issue and inform our customers as quickly as possible.
What Happened?
Based on our investigation to date, we understand that at different points in time after March 4, 2019, malware began running on in-store payment processing systems at potentially all Wawa locations. Although the dates may vary and some Wawa locations may not have been affected at all, this malware was present on most store systems by approximately April 22, 2019. Our information security team identified this malware on December 10, 2019, and by December 12, 2019, they had blocked and contained this malware. We also immediately initiated an investigation, notified law enforcement and payment card companies, and engaged a leading external forensics firm to support our response efforts. Because of the immediate steps we took after discovering this malware, we believe that as of December 12, 2019, this malware no longer poses a risk to customers using payment cards at Wawa.
What Information Was Involved?
Based on our investigation to date, this malware affected payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment cards used at potentially all Wawa in-store payment terminals and fuel dispensers beginning at different points in time after March 4, 2019 and ending on December 12, 2019. Most locations were affected as of April 22, 2019, however, some locations may not have been affected at all. No other personal information was accessed by this malware. Debit card PIN numbers, credit card CVV2 numbers (the three or four-digit security code printed on the card), other PIN numbers, and driver’s license information used to verify age-restricted purchases were not affected by this malware. If you did not use a payment card at a Wawa in-store payment terminal or fuel dispenser during the relevant time frame, your information was not affected by this malware. At this time, we are not aware of any unauthorized use of any payment card information as a result of this incident. The ATM cash machines in our stores were not involved in this incident.
What We Are Doing
As soon as we discovered this malware on December 10, 2019, we took immediate steps to contain it, and by December 12, 2019, we had blocked and contained it. We believe this malware no longer poses a risk to customers using payment cards at Wawa. As indicated above, we engaged a leading external forensics firm to conduct an investigation, which has allowed us to provide the information that we are now able to share in this letter. We are also working with law enforcement to support their ongoing criminal investigation. We continue to take steps to enhance the security of our systems. We have also arranged for a dedicated toll-free call center (1-844-386-9559) to answer customer questions and offer credit monitoring and identity theft protection without charge to anyone whose information may have been involved, which you can sign up for as described below.
What You Can Do
Customers whose information may have been involved should consider the following recommendations, all of which are good data security precautions in general:
Review Your Payment Card Account Statements. We encourage you to remain vigilant by reviewing your payment card account statements. If you believe there is an unauthorized charge on your payment card, please notify the relevant payment card company by calling the number on the back of the card. Under federal law and card company rules, customers who notify their payment card company in a timely manner upon discovering fraudulent charges will not be responsible for those charges.
Register for Identity Protection Services. We have arranged with Experian to provide potentially impacted customers with one year of identity theft protection and credit monitoring at no charge to you. Information about these services is available at www.wawa.com/alerts/data-security or call toll-free to 1-844-386-9559.
Order a Credit Report. If you enroll in the Experian service (at the phone number above) we are offering, you will have access to activity on your credit report. In addition, if you are a U.S. resident, you are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies. To order your free credit report, visit www.annualcreditreport.com or call toll-free at 1-877-322-8228.
Review the Reference Guide. The Reference Guide below provides additional resources on the protection of personal information.
For More Information
If you have any questions about this issue or enrolling in the credit monitoring services we are offering at no charge to you, please call our dedicated Experian response phone line at 1-844-386-9559. It is open Monday – Friday, between 9:00 am and 9:00 pm Eastern Time, or Saturday and Sunday, between 11:00 am and 8:00 pm Eastern Time, excluding holidays (which include December 24, December 25, December 31, January 1, and January 20).
Along with the nearly 37,000 Wawa associates in all of our communities, we remain dedicated to serving you every day and being worthy of your continued trust.
Sincerely,
Chris Gheysens
Cassie Jones Justin Jones
Sean Mehnert
Mike Neuner Barbara Pishkur-Neuner
These fucks not answering the fucking call, I’m on hold
Nick Masi
What’s up?
Ocean County Scanner News i was on hold forever, well over 45 mins. I hung up. I use the app with a card, but not usually a physical card. So I wanted clarification. Maybe tomorrow
Kaitlynn Casteen
Stephanie Conway
Charlie Coghlan
Laura Aranzullo Palleschi Joe Vecchiarelli
Dennis Downes
Jill Lynn Kyle Ray
Lory Malesko
I eat at Wawa ,5 days a week and just got hacked for $1650
Al Piner what was do you use?
Al Piner I was hacked in October for over $1100. Now I know why!
Katelyn Matteucci
Anthony Visco im all good!
Oscar Alonso
Robert Geoghegan
Three weeks ago I got s new credit card after being hacked. Got the card on Saturday, used it at Wells Fargo ATM and WaWa, the next day (Sunday) it was hacked again.
Andy Mako
Tiffany Seaboldt oh swell
Danny Dpg Gaffney
Leo Bonner great that’s where you spend all your money ????
Jessica Bonner my account just got hacked yesterday. I use my card in Wawa all the time.
Veronica Vaughn Petrauskas ugh!! That sucks!! We got hacked a few years back..drained our account ????
I use my card daily at Wawa. Thanks for the heads up
Ron Roberts
Sarah Baturka
Erin Grippaldi
Nakia Walker-Johnson what is dis…….
Jaime W-Davis ????????♀️????????♀️
Zach Tunis?? Marissa Tunis??
Michael Rasmussen
Is there anyone this WON’T effect? Everyone I know goes to Wawa…ugh
Dawn Patierno Mathis exactly
Dawn Patierno Mathis except those of us who travel ! I so miss WaWa !! But they’re not everywhere!
Dawn Patierno Mathis but I pay with cash!
Fred Megill even at the pumps?
Dawn Patierno Mathis ????????♀️LoL
Kyle Schubach
Ryan Brevogel
Keep $300 in checking and the rest in your savings, they can have the $300…
Alexandra Meredith ????
Linda Gajewski
Dave Meyer I’m old school! I use cash — breach that fuckers! ????
It’s funny carrying a lot of cash is a lot safer than credit cards these days
Jay Treloar
Jenine Flynn lovely…
Always pay with cash in these places and gas stations. Happens way too often
John Harmer
Tara Kelly Brian kelly
Joseph Kelly I am probably screwed lol
Jen Lawrie…since March… just discovered…
Diane Horne Kradenpoth this is why you use a credit card instead of a bank card and never enter your pin
Jen Lawrie …as a rule I never use there..
Casey Lepeshko
This shit doesn’t happen at quik chek
Jimmy Noll lmao what are you working for quick check now
Michelle Brower lmfao….just stirring the pot
Jimmy Noll yet. Give it time…
Give it time quick check is not exempt just like banks have been breached too but keep going to quick check your choose
Jim Kenny Tracy Rawl-Suter
The dates, like from last year???
Heather Bloodgood
JT Megill Kate Moriarty shit!
Meghan Moriarty Megill my luck I’ll be affected
Kate Moriarty I know right!?
Meghan Moriarty Megill
Roger Brown ????
Maria Bancer
Crap….
Since March? How often do they check for malware?????
Wtf
Dawn Lutz Lepeshko
This is why I lock all my cards now After I use them.
Robert Decker Lock your cards????? Explain this please.
Cathy Amoia Scuderi you can lock/unlock your debit card through the website or app so it can’t be used in case it gets lost or stolen.
You can also lock and unlock your credit cards to now on the apps
Freaking great!!!!! We only use WAWA and our debit cards and my son has the WAWA Gas credit card… How do we find out if our cards are effected????
They have offered free credit monitoring for affected people.
I will be going to the bank tomorrow and closing/reopening my accounts with new cards
Except Waretown….they decided not to rebuild ????????????????????????????
James Early
Chris Linde Ferlisi Daniella Marie Sam Antha
Well we’re all screwed!!! 🙁 🙁 Going back to cash. No more cards. This is crazy now. Every month one of us are reporting an incident.
This never happens at Quikcheck!!!
Jessica Lykhine
Erik Rudorfer
Lovely
Erik Rudorfer
Tony Salzarulo
Love Wawa….hope we are safe
I use mine at Wawa also????????????
Welp ????
Heather Klein
Raymond Trimble
Last card I used at wawa came up with fraudulent charges on it last week ????????♀️ yay
Modern f cking technology. Love my cash.
Amber Graham Patty Graham
Just great!! ????♀️????♀️
Carole Madden Colucci I know.
Pam Cantermen
Great so I will be busy today checking my statements, I’m at wawa at least everyday sometimes even twice a day…fml
Christopher Bianco
Nicole Johnelle ????
Jamie Glandz LaQuitta Whitfield
Ted Johnson
Joe Capasso
I called my bank today and they knew nothing about Wawa’s Data breach. I was telling my friend and she called her bank and they knew nothing about it either. I needed gas tonight so I stopped at the Wawa in Silverton and asked the young man if it was true and he told me we are not allowed to discuss it. I find it ironic that the banks don’t know That Wawa’s system has been compromised Yet Wawa’s employees know about it because they was told they can’t discuss it.
Patricia Nosiay Clarino PNC knew when I went and got new cards yesterday
Charles Maughan
Tori Ellis shits wild