Company News

Wawa Expected to Pay $9 Million to Customers for Data Breach

Proposed settlement would see retailer pay up to $8 million in gift cards and $1 million in cash
Wawa data breach convenience store
Photograph: Shutterstock

WAWA, Pa. Wawa is expected to pay customers affected by its 2019 data breach up to $9 million and spend an additional $35 million upgrading its cybersecurity assets, as first reported by The Philadelphia Inquirer.

The $9 million customer payments includes up to $8 million in Wawa gift cards and up to $1 million in cash payments, according to the filed settlement pending approval by the judge overseeing the case.

"As part of the legal process, we have submitted required documents to the court and are awaiting approval from the judge of the notice plan," Wawa spokesperson Lori Bruce said in a statement provided to CSP Daily News.  "Once the notice plan is approved, the details about the settlement will be available through a third-party settlement administrator and Wawa will issue a press release that will include the administrator’s contact information."

The data breach affected all Wawa stores, according to Chimicles Schwartz Kriner & Donaldson-Smith LLP (CSK&D), the Haverford, Pa.-based law firm representing consumers in the case. In addition to direct consumer payments, Wawa will pay $3.2 million in administration costs, attorney fees and expenses and other related costs.

Click here for the settlement announcement from CSK&D.

Wawa discovered malware in the company’s payment processing server on Dec. 10, 2019, and contained the breach by Dec. 12, 2019, according to a statement from Chris Gheysens, president and CEO of Wawa at the time. Gheysens also said the malware was present in the chain’s payment processing server since March 4, 2019. The company immediately started its own investigation and notified both law enforcement and payment card companies upon discovering the breach, according to Gheysens.

Shortly after the data breach was announced, CSPreported in Jan. 2020 that the illegal online marketplace known as Joker’s Stash began selling credit and debit card data stolen during Wawa’s nine-month data breach, according to Gemini Advisory, a New York-based fraud intelligence firm.

Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.

Multimedia

Exclusive Content

Company News

Here’s What C-Store Retailers Need to Do to Succeed in 2025

Tom Newbould of consulting firm W. Capra lays out a game plan for the new year

Foodservice

Life Is Tough for Pizza Chains Right Now

Major brands like Domino’s, Papa Johns and Pizza Hut are trading share with independents

Foodservice

Make Dinner a Winner Using Key Ingredients

‘Nobody really owns that dinner daypart when it comes to convenience, and so it would be really cool for the convenience retailers to figure out how to own that’

Trending

More from our partners