What to Know
- A group of plaintiffs has filed a class-action lawsuit against Wawa following the company's announcement of a data breach at its stores.
- Wawa announced Dec. 19 that the breach had potentially exposed customers' credit and debit card information at all of its locations.
- The plaintiffs allege Wawa failed to take adequate security measures, which exposed customers to fraud and identity theft.
A group of Wawa customers has filed a class-action lawsuit against the company a week after the chain revealed that a data breach potentially exposed people’s credit and debit card information at hundreds of its locations.
The plaintiffs allege that Wawa failed to take adequate security measures, which exposed customers to fraud and identity theft and left them vulnerable to criminals for potentially years to come.
“The Data Breach was the inevitable result of Wawa’s inadequate data security measures and cavalier approach to data security,” the plaintiffs allege in the suit filed Thursday in the U.S. District Court for the Eastern District of Pennsylvania.
Breaking news and the stories that matter to your neighborhood.
Wawa announced the data breach in a Dec. 19 open letter, saying that malware began running at its stores around March 4 and wasn’t discovered until Dec. 10. The company said the malware was finally contained Dec. 12.
Sensitive information exposed during the data breach included card numbers, expiration dates and cardholder names at more than 860 locations throughout the East Coast, the company said.
The plaintiffs allege the company failed to notify individual customers about the breach, relying only on the open letter posted to its website.
Tabitha Hans-Arroyo, of Woodbury Heights, New Jersey, who is named in the suit, said she found out her card had been compromised only after receiving a Christmas Eve email from her bank telling her that someone had tried to make an online purchase of around $2,535.
Wawa CEO Chris Gheysens apologized "deeply to all of you, our friends and neighbors, for this incident,” and the company has offered customers one year of free credit monitoring and identity theft protection.
However, the plaintiffs say the offer “is too little too late,” since they have already had their data exposed and “will suffer increased vulnerability to fraudulent transactions and identity theft for many years into the future.”
The plaintiffs are seeking unspecified damages through a jury trial.
Wawa declined to comment for this story, citing pending litigation.