Breach Brief – Wawa
Wawa gas station and convenience stores chain has reported a major data breach. Just how major?
According to reports the breach may have compromised ALL payment systems at ALL 850 Wawa location and EVERY customer who used a card at those stores between March and December of this year.
According to some experts this was no simple hack or malware but a highly sophisticated attack that was capable of bypassing the micro-chip payment card technology used to encode payment card transactions with a one-time pin and capable of evading detection for several months.
To date the investigation is limited to payment card information, including debit and credit card numbers, expiration dates and cardholder names. According to Wawa the investigation does not include PINs or CVV2 numbers. ATMs in Wawa stores are not affected by the data breach.
Wawa’s payment processing servers were found to be infected by malware on Dec. 10th and the infection was contained on the 12th. Wawa’s forensic investigation discovered that the malware began running at different points in time after March 4th. Wawa said it took immediate steps after discovering this malware and believes it no longer poses a risk to customers.
Wawa is offering identity protection and credit monitoring services at no charge to customers. Information about how to enroll can be found on the Wawa website.
Customers with questions can contact the Wawa call center at 1-844-386-9559, Monday through Friday, between 9 a.m. and 9 p.m. Eastern Time or Saturday and Sunday between 11 a.m. and 8 p.m., excluding holidays.
Wawa customers are advised to keep a close watch on their credit/debit cards for any fraudulent activity. If found report it immediately.