Wawa Agrees To Payment, Security Changes For 2019 Data Breach

HARRISBURG, Pa. (AP) — A Pennsylvania-based convenience store chain will pay $8 million to several states over a 2019 data breach that involved some 34 million payment cards, authorities announced Tuesday.

The Pennsylvania attorney general's office said Wawa Inc. did not take reasonable security measures to prevent hackers from installing malware that is thought to have collected card numbers, customer names and other data.

The company said in December 2019 that its information security team discovered the malware and two days later were able to stop the breach, which affected hundreds of Wawa locations along the East Coast, from Pennsylvania to Florida. In-store payments and payments at fuel dispensers were affected but ATM machines were not.

In a statement Tuesday, Wawa said it notified authorities, cooperated with investigators and has assisted those affected by the breach.

"From the outset, our focus has been to make this right for our customers and communities," the company's news release said. "We continue to take the necessary steps to safeguard our information security systems."

Pennsylvania Attorney General Josh Shapiro said Wawa has agreed to new policies to toughen its security efforts to combat data breaches.

The settlement was made with attorneys general in Delaware, Florida, Maryland, New Jersey, Pennsylvania Virginia, and Washington, D.C.

(©Copyright 2022 by The Associated Press. All Rights Reserved.)

Read more
f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.