If you bought something with a credit or debit card from a Wawa convenience store in the last nine months, your personal information might have been swiped.
On December 10, the company found malware on the servers it uses to process payments at "potentially all Wawa locations," said Wawa CEO Chris Gheysens in a letter Thursday to customers. He added that the company was able to get rid of the malware within two days, and that the firm believes it no longer poses a risk to customers.
Cards used at Wawa stores between March 4 and December 12 could have been compromised. Gheysens said the malware could have affected credit and debit card numbers, expiration dates and cardholder names on cards used at in-store cash registers or gas pumps. Wawa's ATMs were not affected.
Debit card PIN numbers, credit card CVV2 numbers (the three or four-digit security code printed on the card), other PIN numbers, and driver's license information used to verify age-restricted items were not exposed, according to Gheysens.
At this time, the chain said it wasn't aware of any unauthorized use of payment card information. Gheysens said customers will not be responsible for fraudulent charges on their cards.
Wawa is offering free identity theft protection and credit monitoring at no charge to its customers.
The Philadephia-based chain has more than 850 convenience retail stores in Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida, and Washington, DC, according to its website.