A popular U.S. convenience store chain called Wawa says a data breach may have collected debit and credit card information from thousands of customers.
The Pennsylvania-based chain says it discovered malware on its payment processing servers last week.
It believes the software was collecting card numbers, customer names and other data as early as March 4.
The breach affected all of Wawa’s 850 locations, which are all in the following states: Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida, and Washington, D.C.
In-store payments and payments at fuel dispensers were affected, but ATM machines were not.
Wawa says it’s notifying customers and offering free credit card monitoring and identity theft prevention services to anyone whose information may have been collected.
In a letter to customers posted online Thursday, Wawa CEO Chris Gheysens issued an apology.
“We believe this malware no longer poses a risk to customers using payment cards at Wawa,” the letter says.
Global News emailed Wawa to find out if the breach affected any non-U.S. credit or debit cards but didn’t hear back immediately.
According to Statistics Canada, Canadian residents made 44.4 million trips to the U.S. in 2018.
— With files by Global News staff