By | Rachel Brooks
Contributor | Telegraph Local
See the New African Living Standard
What do we know so far about the Wawa Data Breach? Precisely how bad is it? Citing Slate, malware on the Wawa gas station IT systems has been collecting customer names and credit information for the past 9 months. The breach began in March but was only just discovered in mid-December.
The number of actual people impacted is not yet known. Slate reports that “most” locations were affected by the malware as early as April. So, that number could span hundreds of thousands of customers. Wawa is a gas station network that has nearly 850 stores all across the US.
Wawa hopes to save face by providing a free Experian Identity Works activation code for their customers. You can enroll in the program to work with WaWa on monitoring whether your credentials were compromised in this event.
CEO Chris Gheysens sent an open letter addressed to the companies consumers at the time the breach was discovered. It posted via the Wawa convenience stores’ website on December 19, 2019.
He described the breach event as follows:
“Our information security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019. This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019, until it was contained.”
That means that the Wawa system was wide open to skim user credentials from March 4th all the way to December 10, with “most” locations being definitely impacted by April. Gheysens goes on to say that some locations may not have been affected at all. It would be safe to assume that all Wawa locations were compromised as profiling precise locations affected may take a long time.
Wawa’s investigation determined that credit card/debit card information, including the card numbers, expiration dates, and cardholder names on payment cards that were used at in-store payment terminals and fuel dispensers were exposed. Most locations were expected to have been affected by April 22, 2019.
The malware no longer affects Wawa customers after December 12. It was kicked out of the system by December 12. That means that, if you shopped at Wawa in the days since, you’re good. If you shopped at Wawa stores between March 4 _December 12, and especially around April 22nd, you’re going to want to contact Wawa customer service. You’ll want to enroll in the provided Experian log-in. It may also be advisable to check with the fraud department at your bank. If you are uncertain of the integrity of your card information, you could have the card canceled and a new card issued.
It’s worth noting that Wawa reports no compromise to PIN numbers. Likewise, CVV2 numbers (see the number of the back of your card by the magnetic strip) and Driver’s License IDs were not exposed.
NJ.com provides some detailed instructions on how to proceed if you were affected by the Wawa data crisis. They are as follows:
- Contact your bank or card issuer and ask for a new one.
- Check your bank statements for suspicious activity. (Note: Check your online payment accounts as well.)
- Take advantage of the Wawa Experian services.
- Keep a close eye on your credit reports. You can see credit reports for the three major bureaus at Annual Credit Report.com.
- Consider putting a security freeze on your credit reports. This stops a scammer from opening new credit lines in your name.
- Beware of emails and calls about the data breach. Some of the scammers will pretend to be Wawa calling about the breach. Typically, the fraud department of a financial entity does not contact the consumer directly.
If you follow these precautions and work closely with the free services/customer service provided, you should be alright.