On December 19, 2019, Wawa announced that there was malware on its payment processing server between December 10th and December 12th. This malware affected all of their branches. Now they are announcing that they are aware of multiple attempts to sell customer card information on the dark web.
The payment cards were reportedly found on popular fraud bazaar “Joker’s Stash”, which recently claimed that they were selling 30 million accounts from a “new huge nationwide breach”. They refer to the “sale” as BIGBADBOOM-III.
In their blog post, Wawa states that they have notified their payment card processors, brands, and issuers to increase fraud monitoring activities as they connect to Wawa.
The company has also encouraged customers to report any fraudulent activity, noting that customers who notify their pay card issuer in a timely manner will not be held financially liable for any card charges related to the incident. Additionally, they state that, “in the unlikely event” that a customer is not refunded through their card company, Wawa themselves will work with customers to reimburse them for fraudulent charges.
Wawa is offering free credit monitoring and identity theft protection available at this website. They, and we, strongly recommend signing up for both services.