Convenience and fuel chain Wawa announced last week that it discovered malware on its payment processing servers on Dec. 10. The incident was contained by Dec. 12, according to a press release from the company, and Wawa does not believe it is still a threat to customers.
The malware began running "at different points in time" after March 4 of this year until it was discovered this month. The malware compromised customer payment card information used at "potentially all Wawa locations" per an open letter to customers from Wawa CEO Chris Gheysens. Debit and credit card numbers, expiration dates, and cardholder names were impacted by the malware, but debit card PINs, credit card CVV2 numbers, other PINs and driver's license information were not affected, the company explained.
Wawa will provide identity theft protection and credit monitoring services to customers who wish to enroll, and established a dedicated call center for inquiries related to the incident. "I want to reassure you that you will not be responsible for any fraudulent charges on your payment cards related to this incident," Gheysens wrote in his letter.
Warby Parker, StockX, Uniqlo Japan, Poshmark and Macy's are just a few of the retailers who dealt with data breaches this year. It's far from surprising at this point: A 2018 report found that U.S. retailers led the world in security breaches, and breaches of U.S. retailers more than doubled between 2017 and 2018.
Macy's November data breach was determined to be a skimmer from hacker group Magecart that targeted customer information during the online checkout process. That breach is believed to impact at least 500 people, based on filings with the California attorney general; in summer 2018, Macys.com and Bloomingdales.com (which is also owned by Macy's), encountered another breach that impacted "a small number" of customers.
But while currently so much of online security largely falls on the customer to recognize and avoid malicious attempts, retailers still need to guard their point-of-sale systems against threats. And as those threats increase and grow more sophisticated, retailers are still working to strengthen their efforts against them. More than half of the retailers surveyed by VMWare Carbon Black said they plan to increase cybersecurity staff in 2020 and 40% plan to increase their security budgets by at least 10%. Additionally, 40% of respondents said they lost revenue in 2019 due to cyberattacks.
Wawa has stores and fuel stations in Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Washington, D.C. and Florida.