Customers who have paid using credit or debit cards at Wawa stores over the past 9 months have been warned about the possibility of their card information being compromised. The convenience store announced on December 19, 2019, about the breach to its users.

In a letter, Wawa CEO Chris Gheysens said that the chain of the convenience store has a security team, which was able to discover a malware in the Wawa payment processing servers on December 10, 2019. The team was able to contain the malware by December 12. The company then involved a leading security forensic team and even notified law enforcement. The letter then explained that the malware affected the customer’s payment information used at potentially all Wawa locations from March 4, 2019, until it was contained.

The malware has said to compromise users’ personal information; however, the store CEO said that all of the users currently coming to the store are safe and will not be affected by the malware. The chain operates in more than 850 stores in Delaware, Washington, DC, Florida, New Jersey, Pennsylvania, Maryland, and Virginia.     

The information compromised, however, doesn’t include PINs or CVV2 numbers, and the malware has not compromised all the ATMs that are included in the store. The letter further explains that the authorities at the Wawa chain are currently trying to verify if any of the information compromised was used for any unauthorized payment.

Gheysens, in the letter, explained that all the people coming to Wawa are just not its customers but friends and neighbors too. It’s very important to him to honor and protect their trust. The growing challenge for many chain-based businesses is that they know little about security and are easily hackable. The systems are legacy-based and don’t get constant upgrades as other tech businesses do.