Consumer Reports has no financial relationship with advertisers on this site.
Wawa announced that a massive data breach has compromised customer credit and debit card information, possibly at all 850 of its locations.
Although Wawa is offering credit monitoring services to its customers, the breach is yet another reason to make sure your credit information is secure.
In a letter to customers, Wawa CEO Chris Gheysens said that the problem was discovered on Dec. 10, and by Dec. 12, the malware had been blocked and contained. The malware no longer poses a threat, Gheysens said.
Even so, the malware accessed customer payment card information—which includes name, credit or debit card number, and expiration date—used at potentially all Wawa locations after March 4, 2019, and affected most locations by April 22, until it was contained, according to Gheysens.
The malware no longer poses a risk to customers using payment cards at Wawa, Gheysens said in the letter, and the malware never posed a risk to its ATM cash machines.
Gheysens said that no other personal information, such as debit card PIN numbers, credit card security codes, and driver’s license information used to verify age-restricted purchases, were accessed in the breach.
Customers will not be held responsible for fraudulent purchases resulting from the malware, the letter stated, and so far Wawa is not aware of any unauthorized use of payment card information.
Wawa customers can go to the company website and sign up for a free year of identity theft protection and credit monitoring services through Experian. They can also request a free copy of their credit report.
What You Should Do
Even if you aren't directly affected by the Wawa breach, the seemingly nonstop hacking of customer information should prompt you to safeguard your personal data.
Here are tips to follow:
Monitor your own financial information on a regular basis. This includes your credit card bills, bank statements, and other financial transactions, as well as your credit report. You’re entitled by law to a free credit report once a year from each of the three major credit bureaus, Equifax, Experian, and Trans Union. Go to AnnualCreditReport.com to ask for a report from one of the companies. Then request a report from a second company four months later; then follow up in another four months with the third company.
Consider a credit freeze. Locking down your credit is the most effective way to prevent cybercriminals from opening accounts using your personal information. Credit freezes are free, but you need to set them up at each of the major credit bureaus, Equifax, Experian, and Trans Union. You can lift the freeze temporarily, if you are seeking a loan or opening an account, but be sure to put it back in place.
Watch out for other forms of fraud. Freezing your credit won't protect you from other forms of identity theft, such as use of your driver's license information, tax refund fraud, or someone fraudulently using your health benefits. You will need to take additional steps if you're concerned that you may be at risk; you can find more information on these steps here.
Be cautious about sharing your personal information. Think twice before you sign up for store cards, travel rewards programs, and the like, because the benefits may not be worth the risk to your privacy. When personal data is required, consider using use a burner email set up just for that purpose, or even your work email and phone numbers, rather than your personal accounts.
Use privacy tools to protect your data. Whenever possible, use two-factor authentication to safeguard your most important accounts. And if you're concerned about limiting data tracking, as well as hacks, consider using tools that let you send encrypted emails and messages.
Consumer Reports is an independent, nonprofit organization that works side by side with consumers to create a fairer, safer, and healthier world. CR does not endorse products or services, and does not accept advertising. Copyright © 2019, Consumer Reports, Inc.