Wawa Data Breach Began on In-Store Payment Processing Systems

February 18, 2020

The breach could potentially impact thousands of customers over the company’s 850 locations

Cyber attackers don’t discriminate. Whether it’s small, medium, or large businesses, data breaches can occur on any level. Wawa, a chain of convenience stores and gas stations located primarily on the East Coast of the United States, recently discovered malware on their payment processing servers. The breach could potentially impact thousands of customers over the company’s 850 locations.

“Based on our investigation to date, we understand that at different points in time after March 4, 2019, malware began running on in-store payment processing systems at potentially all Wawa locations,” CEO Chris Gheysens explained in an open letter to customers. “Although the dates may vary and some Wawa locations may not have been affected at all, this malware was present on most store systems by approximately April 22, 2019.”

The malware did affect payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment cards used at potentially all in-store payment terminals and fuel dispensers. The breach was not spread to their ATM cash machines. After identifying the problem, the company took immediate action to contain it and prevent further security issues. In addition, the company will offer free credit card monitoring and identity theft protection to those affected.

Data breaches can be costly, but also damaging to a company’s brand and reputation. We look at ten steps to save your business from a data breach and make sure you are prepared.

  • Plan ahead.
  • Eliminate blind sports.
  • Know your points of contact.
  • Find your liability coverage.
  • Vet third parties.
  • Institute a dedicated response team.
  • Engage outside vendors.
  • Understand legal requirements.
  • Update your POS system.
  • Reduce security weakness with layers of tokenization and encryption.

Small Business Trends states, “Forty-three percent of cyberattacks are aimed at small businesses.” Understanding best practice solutions can help reduce the risk of such a breach and ensure that you are prepared in the event that one does occur.

Back To Blog