LAWRENCE TOWNSHIP, NJ, UNITED STATES - 2018/08/14: Wawa store in Lawrence Township, New Jersey. (Photo by Michael Brochstein/SOPA Images/LightRocket via Getty Images) HARRISBURG, Pa. - Wawa, the Pennsylvania-based convenience store chain, will pay $8 million to several states over a 2019 data breach that involved some 34 million payment cards, authorities announced Tuesday.The Pennsylvania attorney general's office said Wawa Inc.
did not take reasonable security measures to prevent hackers from installing malware that is thought to have collected card numbers, customer names and other data.The company said in December 2019 that its information security team discovered the malware and two days later were able to stop the breach, which affected hundreds of Wawa locations along the East Coast, from Pennsylvania to Florida.
In-store payments and payments at fuel dispensers were affected, but ATM machines were not.In a statement Tuesday, Wawa said it notified authorities, cooperated with investigators and has assisted those affected by the breach."From the outset, our focus has been to make this right for our customers and communities," the company's news release said.