What You Need To Know About Wawa Data Breach

  • By David Lukic
  • Nov 01, 2021
The Wawa data breach is compared to the Home Depot and Target breaches due to its expansive victim pool. Some have called it the largest of all time, affecting more than 30 million customers.
Wawa is a chain of East Coast gas stations and convenience stores that experienced a major data breach sometime before January 2020. As the story unfolds, the store was under siege for nine long months, where thieves collected more than 30 million credit cards through malware installed on their payment processing systems.
The convenience store chain has 860 locations throughout the country, and anyone who visited one during 2019 was at risk of exposure in this data breach.
After running unchecked for months, Wawa discovered the data breach and removed the malware on December 10th. Wawa was one of the most prolonged and massive data breaches of all time, earning cybercriminals 30 million payment card details.
As of January 2020, the massive list of credentials was offered for sale on Joker’s Stash, a dark web marketplace where thieves sell their wares. Criminals nicknamed the stash “BIG BADABOOM-III,” and are selling each card’s details for $17-$220. The data breach affects thousands of different banks and financial institutions all across the country, and the card data found on the dark web can be directly traced back to transactions at Wawa stores.
How to prevent data breach

How Did The Wawa Data Breach Happen

The malware infected point-of-sale systems and payment processing systems during most of 2019. Wawa did not discover the issue until December 10, 2019. Two days later, they contacted customers issuing a statement about the malware discovery and warning customers that all locations had been compromised.
In the breach, hackers made off with names, debit and credit card numbers, and expiration dates. Wawa assured customers that no PINs (personal identification numbers), CVV (three-digit security code on the back of credit cards), or driver’s license numbers were stolen. However, according to ZDNet, who acquired a copy of the card data dump from the dark web, found CVV2 numbers included in the data. Wawa also claimed that their ATM machines were not affected by the data breach.
By December 12, 2020, Wawa took quick action to alert their payment processing vendor along with banks and card brands. They released this statement to a security research firm KrebsOnSecurity, “We continue to work closely with federal law enforcement in connection with their ongoing investigation to determine the scope of the disclosure of Wawa-specific customer payment card data.”
Wawa data breach

How To Find Out Your Data Breach

If you used any Wawa gas station or convenience store during 2019, you were most likely included in the breach. You should have received notice from the store that your information was compromised along with steps to take to protect yourself. The largest number of stolen cards came from locations in Pennsylvania and Florida but also other states like Maryland, New Jersey, Virginia, Delaware, and the District of Columbia.
You can contact Wawa directly if you have questions about the data breach and believe you were affected.

What To Do After Data Breach

Cancel any credit or debit cards you used in those locations immediately and have your bank replace them. If you have an online account associated with them, change your username and password, just to be safe. It’s also a good idea to watch your credit card statements and even bank statements (if you used a debit card) for any unusual or suspicious charges. If you see any, contact your bank’s fraud department immediately to report it. Order a copy of your credit card as soon as possible to check for any unusual activity, accounts you don’t recognize, or other inconsistencies.

Are There Any Lawsuits Because Of The Data Breach?

 As the investigation continues, rumors have it that Wawa could face government fines for not protecting their customer data adequately. There is also one class-action lawsuit filed against Wawa for this data breach. The lawsuit was filed in the U.S. District Court for the Eastern District of Pennsylvania and signed by a considerable number of victims affected by this data breach.
Data breach lawsuit

Can My Wawa Information Be Used For Identity Theft?

Absolutely. All a criminal needs is a bare thread of information that they can then combine with other data found on the dark web and in public records to put together an entire profile for you, which they can use for identity theft. Any payment card information stolen can also be used for fraudulent charges, so keep an eye out for those as well. You may also receive phishing emails (even those that look legitimate from Wawa or other sources) regarding the incident but remain cautious.

How To Prevent A Data Breach? 

The Wawa data breach was in massive proportion to other notorious breaches and exposed data for a whopping 30 million people. That information is now being sold on the dark web to use for nefarious purposes. Some ways you can protect yourself are:
  • Cancel any credit/debit cards used at those stores. Have your bank replace them.
  • Change all online banking passwords.
  • Contact the three major credit bureaus and inform them of the data breach. Sign up for a credit freeze or credit lock to protect against anyone opening up new accounts or charging on your existing accounts.
  • Use one single credit card for online and in-store purchases to minimize your risk.
  • Never give out personal information (driver’s license number, date of birth, social security number, payment info, etc.) to anyone unsolicited.
  • Review your credit reports quarterly. Look for any unusual activity or accounts you don’t recognize.
  • Keep an eye out for phishing emails or fraudulent phone scams.
  • Never, ever click a link inside an email, even if it looks legitimate.
  • Install and run antivirus software frequently on all your devices.
  • Never reuse usernames or passwords on multiple websites.
  • Change your passwords often and use really long, complex combinations of letters, symbols, and numbers.
About the Author
IDStrong Logo

Related Articles

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach: 2013, 2015, 2021 and 2023 Hacks

T-Mobile has experienced a number of data breaches in the past decade. The first case occurred som ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that mu ... Read More

The NSA Hack, How Did it Happen?

The National Security Agency (NSA) was the main attraction in a major data breach involving three ... Read More

Latest Articles

Health Organization Records Stolen via Welltok’s MOVEit - 930k+ Including Minors

Health Organization Records Stolen via Welltok’s MOVEit - 930k+ Including Minors

The number of victims caused by the global MOVEit data breach continues to climb; Welltok has announced more exposures, this time from three more health organizations.

MOVEit Breach Creates More Victims; 105k Records Stolen from Insurance Group

MOVEit Breach Creates More Victims; 105k Records Stolen from Insurance Group

"Pan American Life Insurance Group Building - New Orleans" by Tony Webster is licensed under CC BY 2.0. Source: Flickr

New York Healthcare Provider Notified 600k Following Network Cyberattack

New York Healthcare Provider Notified 600k Following Network Cyberattack

East River Medical Imaging (ERMI) has three locations in New York City and Westchester County.  ERMI is a "multi-modality radiology center," including patient-centered solutions like MRIs, CTs, ultrasounds, imaging, radiology, fluoroscopy, and x-rays.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address