Is Wawa in hot water over its data breach?
Popular regional convenience store chain Wawa has been scaling and modernizing quickly, but a big data breach could rattle its growing, ardent fan base.
On Dec. 19, Wawa posted a public notice of a data breach, detailing a long-term cyberattack and its potential impact on customers. The malware, which was discovered on Dec. 10, had potentially been running on all of the chain’s point-of-sale processing systems from March 4 onward, with most locations having been impacted by Apr. 22. By Dec. 12, Wawa was able to contain the malware, but all Wawa customers who used in-store payment terminals and fuel dispensers (not Wawa ATMs) at any of Wawa’s locations during the 10 month span of the attack are at risk of their data having been compromised.
Credit/debit card numbers, expiration dates and cardholder names were potentially stolen. Wawa hired a forensics firm to investigate the breach, and in the notice pointed potentially impacted customers to resources they could use to address any issues arising from the breach.
In an interview with Newsweek, cybersecurity expert Liv Rowley points out that Wawa was likely still accepting the less secure magnetic stripe payment processing cards. That would mean the chain had yet to implement the EMV (chip) payment processing, which is more secure against this type of fraud. The technology, in use throughout Europe, was introduced in the U.S. in 2015.
While in the last five years news of data breaches has become commonplace to the point that they often don’t register with the public, incidents of this magnitude tend to make waves.
In 2017 credit reporting agency Equifax experienced a data breach compromising hundreds of millions of records, launching a public discussion about cybersecurity through the U.S.
In retail, Target’s notorious 2013 Thanksgiving point-of-sale data breach became a PR disaster for the store as customers vented outrage against the chain and derided its slow response.
In 2017, Target paid a $18.5 million settlement to 47 states and the District of Columbia to resolve an investigation into the 2013 breach, according to NBC News. The chain estimated the total cost of the data breach at $202 million.
- Wawa Data Security – Updates & Customer Resources – Wawa
- Wawa Data Breach 2019: How to Check if You Have Been Affected – Newsweek
- Consumers vent frustration and anger at Target data breach – Reuters
- Target Settles 2013 Hacked Customer Data Breach For $18.5 Million – NBC News
DISCUSSION QUESTIONS: Will Wawa experience a significant impact from the data breach and what might that impact be? Will Wawa need to take more steps to recover from the breach?