The Wawa convenience store chain says a data breach may have collected debit and credit card information from thousands of customers.
Pennsylvania-based Wawa Inc. said Thursday that its information security team discovered malware on its payment processing servers on Dec. 10 and stopped the breach on Dec 12. The company believes the malware was collecting card numbers, customer names and other data as early as March 4.
The company said it doesn’t yet know how many customers were affected. Wawa said it’s also unaware of any unauthorized use of credit cards as a result of the breach.
The breach affected all of Wawa’s 850 locations, which stretch along the East Coast from Pennsylvania to Florida. In-store payments and payments at fuel dispensers were affected, but ATM machines were not.
Wawa says it’s notifying customers and offering free credit card monitoring and identity theft prevention services to anyone whose information may have been collected. Police are investigating, and the company has also hired a forensics firm to conduct an internal investigation.
Related: U.S. Fast-Food Chain Krystal Investigating Payment Card Breach
Related: Moe’s, McAlister’s, Schlotzsky’s Restaurants Hit by Payment Card Breach
Related: Malware Found on Payment System Used by On The Border Restaurants
Related: Church’s Chicken Restaurants Hit by Payment Card Breach

More from Associated Press
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
- Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised
- Biden Picks New NSA Head, Key to Support of Ukraine, Defense of US Elections
- White House Unveils New Efforts to Guide Federal Research of AI
- Meta Fined Record $1.3 Billion and Ordered to Stop Sending European User Data to US
- China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States
- ChatGPT’s Chief Testifies Before Congress, Calls for New Agency to Regulate Artificial Intelligence
- Philadelphia Inquirer Hit by Cyberattack Causing Newspaper’s Largest Disruption in Decades
Latest News
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
