U.S. convenience store chain Wawa says data breach affected thousands

A popular U.S. convenience store chain called Wawa says a data breach may have collected debit and credit card information from thousands of customers.

The Pennsylvania-based chain says it discovered malware on its payment processing servers last week.

It believes the software was collecting card numbers, customer names and other data as early as March 4.

The breach affected all of Wawa’s 850 locations, which are all in the following states: Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida, and Washington, D.C.

In-store payments and payments at fuel dispensers were affected, but ATM machines were not.

2:29 Data breach at LifeLabs possibly affects thousands of Ontarians

Wawa says it’s notifying customers and offering free credit card monitoring and identity theft prevention services to anyone whose information may have been collected.

In a letter to customers posted online Thursday, Wawa CEO Chris Gheysens issued an apology.

Get breaking National news

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.

Sign up for breaking National newsletter Sign Up

By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

“We believe this malware no longer poses a risk to customers using payment cards at Wawa,” the letter says.

Global News emailed Wawa to find out if the breach affected any non-U.S. credit or debit cards but didn’t hear back immediately.

According to Statistics Canada, Canadian residents made 44.4 million trips to the U.S. in 2018.

1:00 Class action lawsuit launched after major Capital One data breach

— With files by Global News staff