Business & Tech
Wawa Data Breach Includes 200 Florida Stores: What To Know
If you've used a debit or credit card at any of Wawa's 850 stores in the last 10 months, your data may be compromised, the chain said.
FLORIDA — A data breach at Wawa may have exposed payment information from customers who used credit cards at its 850 stores nationwide, including those across Florida.
Wawa found malware on its payment processing systems Dec. 10, according to a statement the company issued Thursday. Malware is unwanted software that can monitor online activity and be used to steal personal information and commit fraud.
"At this time, we believe this malware no longer poses a risk to Wawa customers using payment cards at Wawa, and this malware never posed a risk to our ATM cash machines," Wawa CEO Chris Gheysens said in the Dec. 19 open letter about the data security breach.
Find out what's happening in Tampafor free with the latest updates from Patch.
The malware was installed after March 4 and has been contained as of Dec. 12, officials said.
"Once we discovered this malware, we immediately took steps to contain it," Gheysens said.
Find out what's happening in Tampafor free with the latest updates from Patch.
Investigators determined customer information may have been exposed from March 4 to Dec. 12 from payment cards used at cashier terminals and fuel pumps. The malware had been installed by most store systems by April 22, officials said. All locations may have been impacted, Wawa reported.
With its company headquarters in Pennsylvania, Wawa has 200 stores in Florida. The chain of convenience stores also operates in Pennsylvania, New Jersey, Delaware, Maryland, Virginia, and Washington, D.C.
"I apologize deeply to all of you, our friends and neighbors, for this incident," Gheysens said. "You are my top priority and are critically important to all of the nearly 37,000 associates at Wawa. We take this special relationship with you and the protection of your information very seriously."
The following information may have been compromised, according to Wawa:
- Credit card numbers
- Debit card numbers
- Expiration dates
- Cardholder names
These were not affected by the data breach, according to Wawa:
- PINs
- Three-digit security codes on the backs of cards
- Driver's licenses
- ATMs in stores
What Wawa Customers Should Do
The company has committed to providing identity theft protection and credit monitoring for one year through Experian to those who may be affected by the Wawa data breach.
"I want to reassure anyone impacted they will not be responsible for fraudulent charges related to this incident," Gheysens said. "At Wawa, the people who come through our doors are not just customers — they are our friends and neighbors, and nothing is more important than honoring and protecting their trust."
Here is guidance from Wawa about what to do next:
- Review account statements from payment cards you used at Wawa. Do you see an unauthorized charge? Call the number on the back to notify the payment card company.
- Get identity protection services — Wawa is offering one year of free monitoring. Wawa reports it has arranged with Experian to provide potentially impacted customers with one year of free identity theft protection and credit monitoring. Call toll-free to 1-844-386-9559.
- Order a credit report. Those who enroll in the Experian service by calling the number above will have access to activity on their credit reports. U.S. residents are entitled to one free credit report annually from each of the three nationwide consumer reporting agencies. Go to www.annualcreditreport.com or call 1-877-322-8228 to order a free credit report.
People can also contact the Federal Trade Commission to get help recovering from identity theft.
Get more local news delivered straight to your inbox. Sign up for free Patch newsletters and alerts.
