Click to visit Wawa’s information page about the hackIf you used a credit or debit card at a Wawa convenience store or gas station between April 22 and December 12, your payment information has been compromised. The retail giant announced on Thursday that criminals managed to place malicious software on its point of sale systems, potentially impacting all Wawa outlets. The criminals then siphoned payment data out of the compromised computers.
The firm says hackers might have stolen customer names, account numbers, and expiration dates. The infected systems have been cleaned, Wawa says, so there is no ongoing risk to consumers from the malware incident. The firm does not believe the hackers stole PIN codes, CVV2 information, or driver license data associated with age-restricted purchases. Store ATMs were not impacted, Wawa says.
It was not immediately clear how many consumers’ account data was stolen. Wawa also says it doesn’t know of any fraudulent activity that has been reported as a result of the hack.
“Today, I am very sorry to share with you that Wawa has experienced a data security incident….I apologize deeply to all of you, our friends and neighbors, for this incident,” said Chris Gheysens, Wawa CEO, in a statement posted on the firm’s website. “You are my top priority and are critically important to all of the nearly 37,000 associates at Wawa. We take this special relationship with you and the protection of your information very seriously. I can assure you that throughout this process, everyone at Wawa has followed our longstanding values and has worked quickly and diligently to address this issue and inform our customers as quickly as possible.”
To its credit, Wawa made this announcement soon after the firm became aware of the malware on Dec. 10. It also has a prominent notice atop its webpage with details about the hack. Wawa says it is offering a year of free credit monitoring to consumers impacted by the hack, but the site set up for consumer information did not provide how-to instructions as of this writing.
Independent computer security consultant Dennis Dayman said the incident is one of a long string of hacks involving retail point of sale systems.