Popular convenience store chain Wawa has announced a breach that potentially stole the payment card information for customers throughout much of this year. In the case of the Wawa data breach, malware was discovered on the company’s payment processing servers on December 10, and that malware was designed to steal cardholders’ names and card numbers at the time of payment. However, there is no reason to believe that PIN numbers, security codes or driver’s license numbers—used to purchase things like alcohol or tobacco—were compromised in the Wawa data breach.
Unfortunately, their investigation has led them to believe that the malware was installed sometime after March 4 of this year. Customers are urged to look back through their transactions and see if there are any fraudulent charges, which the company has said they will not be responsible for. The company is also offering one year of free credit monitoring to affected customers of the Wawa data breach.
The response to the Wawa data breach—discover the malware, contain it, investigate it and report it with corrective action—is all in line with how businesses are urged to handle these kinds of crimes. It is a massive improvement over data breaches from only a few years ago in which the incident might not have been discovered and the victims not notified for a year or longer.
Incidents like the Wawa data breach should serve as an important reminder to take as much preventive action as you can. First, enabling “card not present” alerts with your financial institution or card issuer will inform you immediately if someone uses your card number without the physical card in their possession. You can also ask your bank what other security measures they specifically offer to prevent these kinds of crimes. Finally, it is important that you check your account transactions routinely in order to spot anything unusual. Do not wait for a notification letter or email to tell you that someone has stolen from you.
You might also like…