Connect with us

Hi, what are you looking for?



Wawa Agrees to Payment, Security Changes for ’19 Data Breach

A Pennsylvania-based convenience store chain will pay $8 million to several states over a 2019 data breach that involved some 34 million payment cards, authorities announced Tuesday.

A Pennsylvania-based convenience store chain will pay $8 million to several states over a 2019 data breach that involved some 34 million payment cards, authorities announced Tuesday.

The Pennsylvania attorney general’s office said Wawa Inc. did not take reasonable security measures to prevent hackers from installing malware that is thought to have collected card numbers, customer names and other data.

The company said in December 2019 that its information security team discovered the malware and two days later were able to stop the breach, which affected hundreds of Wawa locations along the East Coast, from Pennsylvania to Florida. In-store payments and payments at fuel dispensers were affected but ATM machines were not.

In a statement Tuesday, Wawa said it notified authorities, cooperated with investigators and has assisted those affected by the breach.

“From the outset, our focus has been to make this right for our customers and communities,” the company’s news release said. “We continue to take the necessary steps to safeguard our information security systems.”

Pennsylvania Attorney General Josh Shapiro said Wawa has agreed to new policies to toughen its security efforts to combat data breaches.

The settlement was made with attorneys general in Delaware, Florida, Maryland, New Jersey, Pennsylvania Virginia, and Washington, D.C.

Related: T-Mobile Settles to Pay $350M to Customers in Data Breach

Advertisement. Scroll to continue reading.

RelatedWawa Facing Lawsuits Over Data Breach

Written By

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Kim Larsen is new Chief Information Security Officer at Keepit

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

More People On The Move

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.