Convenience store chain Wawa acknowledges data breach

Register now

(Bloomberg) --Food and gasoline chain Wawa Inc. announced it discovered malware in its payment processors that affected customer debit and credit card information on “potentially all” of its locations.

In a letter to customers, Chief Executive Officer Chris Gheysens said the company’s security team discovered the malware on Dec. 10 and contained it two days later. The malware affected customers at different points of time from March 4 until it was contained, he said.

Wawa, which is privately held, said it wasn’t aware of any unauthorized use of any payment card information as a result of the breach. The company, which is based in Wawa, Pennsylvania and has more than 850 convenience stores, is working with law enforcement on an ongoing criminal investigation.

“Based on our investigation to date, this malware affected payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment cards used at potentially all Wawa in-store payment terminals and fuel dispensers,” Gheysens wrote. He said debit pin numbers, security codes printed on payment cards and driver’s license information used to verify age-restricted purchases weren’t affected by the breach.

The company is offering free credit monitoring to affected customers.

Bloomberg News