PHILADELPHIA– Wawa will pay several states $8 million for a 2019 data breach involving some 34 million payment cards, authorities announced Tuesday.
The Pennsylvania Attorney General’s Office said Wawa Inc. failed to take adequate security measures to prevent hackers from installing malware believed to have collected card numbers, customer names and other data.
The company announced in December 2019 that its information security team discovered the malware and two days later was able to stop the breach, which affected hundreds of Wawa locations along the east coast from Pennsylvania to Florida. Payments in shops and at pumps were affected, but ATMs were not.
In a statement Tuesday, Wawa said it had notified authorities, was cooperating with investigators and was assisting those affected by the injury.
“From the beginning, our focus has been to make this right for our customers and communities,” the company’s press release reads. “We continue to take the necessary steps to protect our information security systems.”
Pennsylvania Attorney General Josh Shapiro said Wawa approved new policies to strengthen its security efforts to combat data breaches.
The settlement was reached with attorneys general in Delaware, Florida, Maryland, New Jersey, Pennsylvania, Virginia and Washington, DC
Copyright © 2022 by The Associated Press. All rights reserved.
https://6abc.com/wawa-data-breach-settlement-pennsylvania-attorney-general/12075405/ Wawa agrees to payment, security changes for ’19 data breach