What to Know
- Wawa has alerted its customers to a data breach that potentially exposed payment card information.
- The malware began running sometime around March 4 and wasn't identified until Dec. 10, the company said in a statement.
- "I want to reassure you that you will not be responsible for any fraudulent charges on your payment cards related to this incident," Wawa CEO Chris Gheysens said in an open letter to customers.
Wawa is investigating a data breach that potentially affected every one of its locations, the company announced Thursday.
Malware began running sometime around March 4 and wasn't identified until Dec. 10, the company said in a statement. It was contained on Dec. 12, according to the statement.
Customers who used credit and debit cards could have been affected by the data breach. Sensitive information includes card numbers, expiration dates and cardholder names at more than 860 locations throughout the East Coast.
Breaking news and the stories that matter to your neighborhood.
Wawa officials do not suspect the malware affected ATM cash machines, according to a statement. Pin numbers, credit card CVV numbers and driver's license information was also not affected.
In an open letter to customers, Wawa CEO Chris Gheysens apologized "deeply to all of you, our friends and neighbors, for this incident."
"You are my top priority and are critically important to all of the nearly 37,000 associates at Wawa," Gheysens wrote. "We take this special relationship with you and the protection of your information very seriously. I can assure you that throughout this process, everyone at Wawa has followed our longstanding values and has worked quickly and diligently to address this issue and inform our customers as quickly as possible."
He also looked to assure customers that they wouldn't be on the hook for the breach.
"I want to reassure you that you will not be responsible for any fraudulent charges on your payment cards related to this incident," Gheysens wrote.
Wawa set up a toll-free call center to provide more information. Call 1-844-386-9559 if you have any questions. They also are offering Experian Identity Works at no charge. Activation code: 4H2H3T9H6
What You Can Do
Customers whose information may have been involved should consider the following recommendations from Wawa, all of which are good data security precautions in general:
- Review Your Payment Card Account Statements: We encourage you to remain vigilant by reviewing your payment card account statements. If you believe there is an unauthorized charge on your payment card, please notify the relevant payment card company by calling the number on the back of the card. Under federal law and card company rules, customers who notify their payment card company in a timely manner upon discovering fraudulent charges will not be responsible for those charges.
- Register for Identity Protection Services: We have arranged with Experian to provide potentially impacted customers with one year of identity theft protection and credit monitoring at no charge to you. Visit the Experian IdentityWorks website to enroll: https://www.experianidworks.com/credit or contact Experian’s customer care team at 1-844-386-9559 (Monday - Friday, between 9:00 am and 9:00 pm Eastern Time or Saturday between 11:00 am and 8:00 pm, excluding holidays). Provide your activation code: 4H2H3T9H6
- Order a Credit Report: If you enroll in the Experian service (at the phone number above) we are offering, you will have access to activity on your credit report. In addition, if you are a U.S. resident, you are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies. To order your free credit report, visit www.annualcreditreport.com or call toll-free at 1-877-322-8228.
- Review the Reference Guide: The Reference Guide provides additional resources on the protection of personal information.