Convenience chain Wawa has announced that it has been the victim of a month's long malware invasion that may have compromised customer data and is now seeking the assistance of the FBI.
Wawa CEO Chris Gheysens addressed the breaches in an open letter to customers. The breach was discovered by Wawa on December 10 and was contained two days later. The origin of the breach is currently unknown, but it is known that the malware responsible had been on Wawa's servers for several months, possibly as far back as March. A Wawa employee may have inadvertently exposed the company's servers by falling for a phishing email, according to cybersecurity experts.
Wawa has stated that the breach has compromised only certain types of customer data. Credit and debit card numbers, cardholder names, and expiration dates were potentially exposed by hackers sifting around Wawa's servers. PINs and CVV2 security codes were not breached.
In his letter, Gheysens expressed that Wawa's first priority was maintaining a level of trust with customers. "Once we discovered this malware, we immediately took steps to contain it and launched a forensics investigation so that we could share meaningful information with our customers. I want to reassure anyone impacted they will not be responsible for fraudulent charges related to this incident," Gheysens said of Wawa's measures to protect its customers. "To all our friends and neighbors, I apologize deeply for this incident."
Wawa has taken additional steps to ensure customer security after rectifying the breach, starting with the company offering a free year of credit monitoring through a deal with Experian (LSE: EXPN). Wawa is also seeking the assistance of the FBI, though aside from reporting the breach, it is unknown to what degree the FBI and Wawa are cooperating.
The hack is shocking, but is nothing new for the business world, unfortunately. Wawa is one of many companies around the world that have been the subject of hacking and data breaches. As many as 7.9 billion records have been exposed by Q3, according to the cybersecurity firm Risk Based Security. 19 companies have had data breaches since January 2018 including Macy's
- https://abcnews.go.com/Business/wawa-announces-massive-data-breach-potentially-impacting-customers/story?id=67850080
- https://www.inquirer.com/news/wawa-data-breach-credit-debit-card-fbi-investigation-20191221.html
- https://www.thestreet.com/personal-finance/credit-cards/wawa-data-breach-exposed-customers-financial-info-for-months
- https://www.riskbasedsecurity.com/2019/11/12/number-of-records-exposed-up-112/
- https://www.safesmartliving.com/identity-theft/data-breaches/