Wawa says payment processing servers were hacked, potentially affecting all of its stores

Malware affected customer payment card information used at potentially all locations of the East Coast convenience store chain.
wawa data breach
Wawa has over 800 stores located in Delaware, Florida, Maryland, New Jersey, Pennsylvania, Virginia, and Washington, D.C. (Getty Images)

Popular East Coast convenience store chain Wawa announced Thursday that it found malware on payment processing servers that affected card information gathered from customers at potentially all of its locations.

The company said malware had been running sometime after March 4 and was present on most store systems by approximately April 22. Among the information collected was cardholder names, including credit and debit card numbers and expiration dates. Debit card PIN numbers, credit card CVV2 numbers, other PIN numbers, and driver’s license information used to verify age-restricted purchases were not affected, Wawa said. Additionally, ATMs located in Wawa stores were not affected.

“I apologize deeply to all of you, our friends and neighbors, for this incident,” Wawa CEO Chris Gheysens said in a release. “You are my top priority and are critically important to all of the nearly 37,000 associates at Wawa. We take this special relationship with you and the protection of your information very seriously.”

The company found the malware on Dec. 10 and removed it by Dec. 12. It also says it’s working with law enforcement in the wake of the incident.


The company is offering identity protection and credit monitoring services for free. Anyone affected by the breach can sign up for these via Wawa’s website.

Wawa has over 800 stores located in Delaware, Florida, Maryland, New Jersey, Pennsylvania, Virginia and Washington, D.C.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts