Wawa Data Breach – 4 things you should be doing if affected by the cyber security incident – What you need to know and do right now about the Wawa data breach
Wawa convenience stores have reported a malware attack that affects all of its 850 locations. The corporate announcement stated that payment information including credit card and debit card numbers were stolen over a ten-month period from stores and at gas pumps. Malware was discovered on Wawa’s payment processing IT system on December 10th, 2019. The cyber attack was mitigated on December 12th. Wawa stated the data breach affected thousands of customers and all locations for over ten months.
Payment card numbers were stolen from in-store payment terminals and fuel pumps from all Wawa locations. The hacked information includes card expiration dates and cardholder names, but not the security codes, called CVV numbers.
Hackers infected payment processing servers and stole credit card and debit card numbers from point-of-sale (POS) terminals in stores and at gas pumps.
The malware infected some payments servers in stores beginning around March 4, 2019. By approximately April 22, 2019, the malware had infected most Wawa store systems. Wawa officials said that debit card PINs or credit verification values (CVV) numbers were not exposed but full card numbers were. In-store ATMS were not affected.
A third-party cyber security forensics firm is investigating the data breach. Law enforcement is conducting a criminal investigation.
The average cost of a data breach is almost $4 million globally according to IBM. In the United States the average cost of a data breach is about $8 million. This has been an especially busy year for hackers.
Ransomware infected municipalities and educational institutions across the United States. The ransomware attacks locked up computer systems of public institutions holding them for ransom. In some cases, cities paid the ransom, but in most they opted to take the data losses and restart their IT systems on their own. Often malware attacks are successful because computer users do not keep their hardware and software up-to-date with the latest security patches. Malware can go unnoticed for long periods of time, just like in the Wawa data breach incident. Sometimes the only clue that a device is infected with malware is that the system slows down or uses high amounts of data.
Plus Free Shipping!
Wawa Data Breach – Should I Be Concerned?
Hackers make money by selling payment card numbers on the dark web. When a large volume of cards is stolen from a retailer like Wawa, the cards may appear on a number of dark web marketplaces. Hackers also make money by cloning credit card numbers onto physical new cards and selling them. When physical cards are sold with stolen names and numbers on them, many may already be shut down by vigilant consumers, but many go unnoticed.
What is Identity Theft?
Victims of the Wawa data breach are also vulnerable to identity theft. In addition to stealing payment card information, hackers also have the names of all Wawa customers affected by the security incident. Hackers can combine that information with other information found publicly to steal customers’ identities.
Use code EXCLUSIVEC940
Identity theft occurs when a thief steals the personal data of someone else. They use it to open up lines of credit, take out loans, or open credit cards using the stolen identity. Hackers may even file fraudulent tax returns or medical benefit claims to get money.
Why Mobile Wallets are Safer than Credit Cards
Mobile wallets are a secure way to shop online from your smartphone at retail stores like Wawa. With a mobile wallet, the retailer never has access to your full payment information. So, in the case of the Wawa data breach, your payment card information would be secured.
Mobile wallets afford other protections to users. The retailer does not have access to purchases history and it also prevents tracking from advertisers. Facebook tracks credit card purchases through some of its advertising partners. If you see an advertisement on Facebook or Instagram and buy with one of the tracked cards, then Facebook collects that data about your shopping habits and sells it to advertisers.
Wawa Data Breach – What Should I Do?
Consumers are not liable for fraudulent credit card charges because of federal law protections.
Wawa is offering prepaid credit monitoring services for customers who may have been affected by the breach. Although it is way too soon to know, so far there are not reported incidents of identity theft or fraudulent credit card charges.
Freeze Your Credit
Freezing your credit report prevents a scammer from opening up new accounts in your name. When you freeze your credit, it stops someone from using your stolen credentials from impersonating you and opening up car loans, mortgages, new credit cards, or any other line of credit. It also prevents credit line increases.
Review Bank Statements and Payment Card Account Statements
Review your bank statements and credit card accounts to look for signs of fraud. Hackers sell stolen credit card numbers in dark web marketplaces and clone new bank cards with your information on them. They use the cards to rack up fraudulent charges. Review your bank and credit card statements to make sure there are no suspicious or fraudulent charges. If you spot them report them to your financial institution.
Get a Credit Report
Get a copy of your credit report. All consumers in the United States are entitled to one free credit report per year from each of the three major credit reporting bureaus. If you have recently been denied credit for any reason you can obtain a free credit report with each denial.
Get Identity Theft Protection
Wawa is offering free Identity Theft Protection, but you may want to get an enhanced version of identity theft monitoring covers all of your accounts, monitor all your payment cards for you and your family.
Remember – United States Service personnel are entitled to free credit monitoring and credit monitoring services.
People affected by the Wawa data breach can sign up for free for Experian Identity Works service Visit https://www.experianidworks.com/credit Use activation code: 4H2H3T9H6. Wawa set up a call center to answer customer concerns. Call 1-844-386-9559 if you have any questions.
What are Wawa Convenience Stores?
Wawa is a privately held Philadelphia. Based chain of over 850 convenience stores and 600 gas stations located in Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Washington, D.C. and Florida. The company was founded in 1964.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers