- Title: Grocery store chain Wawa notifies customers of data security incident
- Date: 20th December 2019
- Summary: NEW YORK, NEW YORK, UNITED STATES (DECEMBER 20, 2019) (REUTERS) (SOUNDBITE) (English) CYBERSCOUT, CHAIRMAN, ADAM LEVIN, SAYING: "Well, the truth of matter is, this is the new normal, unfortunately, as people are hacking into payment processing systems at retailers, food stores and the like. The problem here is that the malware had been sitting on their servers for over ten months. So ,it started in March, when the intrusion occurred. By April, it apparently impacted potentially everybody going to the 850 stores across the country that are Wawa stores and nobody found out until December 12th. And, as a result, payment card information, in particular payment and debit card numbers, expiration dates, they were exposed, names. They didn't necessarily get the security codes. They didn't get driver's license information. They didn't get pin numbers. But they have enough information that, combined with other information on the dark web, they could launch phishing attacks and they could get what they need in order to, either take over these particular accounts, or takeover other of your accounts, or open new accounts in your name."
- Embargoed: 3rd January 2020 16:21
- Keywords: Adam Levin Wawa all Wawa locations cardholder names customer payment card information data breach data security incident debit and credit card numbers expiration dates
- Location: WAWA, PENNSYLVANIA, UNITED STATES, UNKNOWN LOCATIONS
- City: WAWA, PENNSYLVANIA, UNITED STATES, UNKNOWN LOCATIONS
- Country: USA
- Topics: Company News Markets,Economic Events
- Reuters ID: LVA003BAS7CST
- Aspect Ratio: 16:9
- Story Text: Grocery store chain, Wawa, said on Friday (December 20) its information security team discovered malware on its payment processing servers on December 10, 2019.
The virus stole Wawa's customers payment card information, including debit and credit card numbers, expiration dates and cardholder names, but did not access PIN numbers or CVV2 numbers.
Wawa said its cyber security team contained the malware by December 12, 2019.
It also said that it began running at different points in time after March 4, 2019.
(Production: Aleksandra Michalska)
- Copyright Holder: REUTERS
- Copyright Notice: (c) Copyright Thomson Reuters 2019. Open For Restrictions - http://about.reuters.com/fulllegal.asp
- Usage Terms/Restrictions: None