December 27, 2019

850 Wawa locations affected by malware

data securityLast week, convenience store chain Wawa announced that more than 850 of its stores had been impacted by malware that exposed customers' debit and credit card information since March. It has not released how many consumers may have been affected.

NAFCU, as a leader in calling for national data security standards, has urged lawmakers to consider a national data security standard for institutions that collect and store consumer information. The association was the first group after the massive 2013 Target data breach to call for a legislative solution to reform the nation's data security system.

In a letter to customers, Wawa said malware was discovered on its processing servers Dec. 10 and was contained by Dec. 12; the company believes the malware began running March 4. Payment card information, including expiration dates and cardholder names, used at in-store payment terminals and fuel dispensers could have been accessed by the malware. PIN numbers, card security codes, and driver's license information were not affected.

Wawa also provided consumers with resources to monitor for suspicious activity. It contracted Experian to provide consumers potentially impacted by this breach with one year of identity theft and credit monitoring for free.

NAFCU will continue to advocate for national data security and privacy standards to ensure consumers' information is protected, negligent entities are held accountable for breaches, and consumers are notified of breaches in a timely manner.