Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Wawa data breach settlement
- Who: Wawa Inc. has reached an $8 million settlement with six states’ attorneys general over a 2019 data breach
- Why: The settlement resolves an investigation into a 2019 data breach that compromised approximately 34 million customer payment cards that were used at the convenience store chain
- Where: Delaware, Florida, Maryland, Pennsylvania, Virginia, the District of Columbia and New Jersey
Wawa has reached an $8 million settlement with six states’ attorneys general over a 2019 data breach that saw tens of millions of customer payment cards compromised.
The agreements were approved July 26 between Wawa Inc. and the attorneys general of Delaware, Florida, Maryland, Pennsylvania, Virginia, the District of Columbia and New Jersey.
New Jersey acting attorney general Matthew J. Platkin said New Jersey would receive just over $2.5 million from the overall deal payout.
The payments can be used at the discretion of the attorneys general, including for fees and costs of litigation, consumer protection, education or redress.
“This settlement should serve as a message to the industry that we are serious about holding businesses accountable when they fail to protect consumers’ sensitive personal information,” Platkin said.
Data stolen for months through malware breach
The settlement stems from a malware breach of Wawa’s computer systems in 2019, exposing payment data from transactions made at gas pumps and cash registers.
Consumer credit card data was stolen through the malware from April to December 2019.
The extracted data included card numbers, expiration dates and cardholder names. The malware did not extract PINs or security codes, and credit cards using chip technology were not compromised.
Under the terms of the settlement, Wawa is also required to strengthen its network protections and take measures to better protect consumer payment data. This includes designing and implementing a new information security program.
The program must be overseen by a qualified employee with a relevant, credentialed background and include security awareness training for all Wawa employees. It should be reviewed annually.
Last year, a $9 million settlement was reached in a Wawa data breach class action lawsuit, resolving claims surrounding a 2019 security incident that may have compromised consumers’ payment card information.
And as recently as January, Wawa employees were continuing to object to a $12 million settlement reached between their employer and customers whose payment information may have been exposed in a data breach.
What do you think of this settlement agreement? Let us know in the comments.
The states and District of Columbia are represented by their respective attorney general offices.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
13 thoughts onWawa agrees to $8M data breach class action settlement
Add me
Add me please
Add me . Wawa is a disgrace. My card a few years back was always being compromised after I would get gas . Or purchase even a drink and food