WAWA, Penn.—Convenience store chain Wawa announced that more than 850 of its stores have been effected by malware that exposed customers' debit and credit card information since March.
It has not released how many consumers may have been affected.
In a letter to customers, Wawa said malware was discovered on its processing servers Dec. 10 and was contained by Dec. 12; the company believes the malware began running March 4. Payment card information, including expiration dates and cardholder names, used at in-store payment terminals and fuel dispensers could have been accessed by the malware. PINs, card security codes, and driver's license information were not affected.
Since announcing the breach, Wawa has provided consumers with resources to monitor for suspicious activity, including contracting with Experian to provide consumers potentially impacted by the breach with one year of identity theft and credit monitoring for free.