NBC10 Responds

Wawa Warns of Possible Fraud Following 2019 Data Breach

A cyber security expert offers advice for detecting fraud

NBCUniversal, Inc.

Head out to any local Wawa and you don’t have to look far to find local fans.

“Cheap coffee. I love it. Get it every morning,” one customer told NBC10 Responds.

“Wawa is so vital to the area. You have to keep going," another customer said.

But some of those happy customers may not be pleased to learn their personal information could be for sale.

The Pennsylvania-based convenience store announced Tuesday it had “become aware of reports of criminal attempts to sell some customer payment card information potentially involved in the previous data security incident announced by Wawa on December 19, 2019." According to Wawa, customer names, credit card, and debit card information may be at risk.

Cyber Security Expert Matt Barnett told NBC10 Responds he sees breaches like this time and time again. He said as a consumer there are some immediate steps you can take to protect yourself.

“Set up alerting for purchases you make. A lot of times a credit card can send text message or app notifications if you bought something,” Barnett told NBC10 Responds.

Wawa said if you used a payment card at one of its stores and believe you’re the victim of fraud, contact your credit card company. If they don’t help you, get in touch with Wawa.

“They’ve offered to help work with anyone who is a victim of credit card fraud but is not getting reimbursement from their credit card company,” Barnett said.

According to Wawa, it’s heightened fraud monitoring to further protect customer information.

“We continue to work closely with federal law enforcement in connection with their ongoing investigation," a spokesperson wrote.

Wawa said no debit card pin numbers, credit card security codes, or other personal information was involved in the breach. The chain told NBC10 Responds it’s offering free credit monitoring and identity theft free of charge.

One customer told us he’s paying close attention to his statements following this breach.

"All you can do is to make sure your I's are dotted and T's are crossed right, and just making sure you know what you have in your account."

Contact Us