Wawa Says Malware May Have Collected Customer Card Info

Wawa Says Malware May Have Collected Customer Card Info

Wawa Says Malware May Have Collected Customer Card Info

The company says it brought in a forensics firm whose investigators determined that the malware began running at different times after March 4. The security team at Wawa had blocked the malware on December 12, 2019, and it's believed that the malware no longer poses any risk to customers making payments at Wawa stores.

When Wawa's information security team discovered the malware December 10, the company immediately started an investigation and notified law enforcement and payment card companies, he said.

Malicious software was discovered on Wawa's payment processing servers on December 10 and contained by December 12, according to Wawa CEO Chris Gheysens.

Wawa, a ubiquitous presence in Ocean County, warned that it discovered a data breach that may have exposed credit and debit card information for customers who used those methods to pay over a nine-month period. "They didn't get PIN numbers, they didn't get security codes, they didn't get driver's license information, but they did get the number and the expiration date of these payment cards". You can call Wawa's special hotline at 1-844-386-9559 or visit their website for more information and for details on how to enroll in their credit monitoring.

A data security incident may have affected Wawa's 870-plus convenience stores. The advisory didn't say how many customers or cards were affected. Please review this entire letter carefully to learn about the resources Wawa is providing and the steps you should take now to protect your information. Still, all customers who think they may be affected should contact Wawa at the number above to register for the free credit monitoring service. Police are investigating and the company has also hired a forensic company to conduct an internal investigation.

Writing on Twitter, Jake Williams, a cybersecurity consultant and the head of Augusta, Georgia-based Rendition InfoSec, noted that although the malware went undetected for a long time, the company's incident response team deserved credit for responding quickly once the issue was finally discovered. "They are typically concerned about how much load will put on their server vs. being willing to deploy more servers to handle those sort of things addition processes".

Stolen payment card data often is offered for sale on underground dark net sites.

Customers are being urged to check for unauthorized charges.

Related news

[an error occurred while processing the directive]