A class-action lawsuit has been filed against Wawa Stores in the wake of a massive financial data breach that was revealed by the company. The lawsuit, which was filed in the U.S. District Court for the Eastern District of Pennsylvania, brought several people who claim they were impacted by the breach.
Wawa operates around 850 convenience stores, which are located across the East Coast, from Pennsylvania to Florida.
The lawsuit claimed that Wawa failed to secure its computer systems from hackers who installed malware that potentially affected Wawa’s payment systems. It also accused Wawa for breach of contract and violating consumer protection laws.
According to Chris Gheysens, Wawa’s CEO, the company discovered the malware payload in its payment processing systems on December 10, 2019. The security team at Wawa blocked the malware on December 12, 2019, and it is believed that the malware no longer poses any risk to customers making payments at Wawa stores.
Gheysens said that the malware affected customers who made payments at Wawa stores and gas stations. However, the company clarified that the store’s ATMs were unaffected.
The number of affected customers is still unknown. It’s said that the incident potentially affected 850 stores since March 4, 2019.
The exposed financial information includes debit and credit card numbers, expiration dates, and cardholder names. However, PINs and CVV numbers were not exposed. The company also clarified that there is no evidence of any unauthorized use of exposed payment information.
Gheysens stated that they’ve informed law enforcement and payment card companies and appointed an external forensics firm for further investigation. The company also notified the affected users and offered free credit monitoring services.
“I want to reassure you that you will not be responsible for any fraudulent charges on your payment cards related to this incident,” Gheysens said.