Wawa’s Consumer Data Breached Triggering Lawsuits

| Feb 6, 2020 | Firm News |

Wawa, the operator of over 850 convenience stores, is facing a potential class action lawsuit over consumer data breach. Wawa is accused of failing to adequately prevent hackers from installing malware on its computer systems. Currently, there are several lawsuits seeking class-action status filed in Pennsylvania federal courts. These lawsuits alleged Wawa was negligent and violated consumer protection laws and breached contracts. In 2017, Target was similarly sued in a class action lawsuit for its customer data breach and paid $18.5 million dollars to settle the claims.

The Data Breach

The data breach was undetected for approximately nine months. Wawa’s CEO confirmed that malware was discovered on December 10, 2019 but was running on its systems since March 4, 2019 and was on most of its store’s systems by April 22, 2019. Wawa operates stores in six states and Washington, D.C.

The data breach exposed credit and debit card information of several consumers. Customers’ credit card numbers, names, and expiration dates were exposed. The company contained the breach as of December 12, 2019. The malware did not pose a risk to the ATM machines located in the stores. Additionally, the malware did not expose customers’ PIN numbers, driver’s license information, and CW2 numbers.

Lawsuits and Plaintiffs’ Claims

The suits filed to date complain of Wawa’s inadequate measures taken in assuring customer data security. The suit seeks damages and attorneys’ fees involving in excess of five million dollars. One plaintiff claimed that someone tried to spend over two thousand dollars on her credit card a day before Christmas and in response, her credit card company locked her account, resulting in her inability to use her card to buy presents during the holidays. Another plaintiff complained that someone withdrew over $100 from a checking account associated with her debit card twice, leaving her with a negative balance.

Wawa’s Response

Wawa stated that the Federal Bureau of Investigation was informed of the data breach, but the source of cyberattack has not yet been identified. Wawa claims to be working with security experts to enhance and secure its computer systems. It is also cooperating with law enforcement in its investigations of the breach.

Wawa arranged for a dedicated toll-free call center to field customer inquiries and concerns. It is also offering credit monitoring and identity theft protection services for free to those whose information has been compromised. Wawa recommends customers register for identity protection services, thoroughly review all credit card statements for unauthorized charges, and order a credit report to look for inaccuracies and unauthorized activity.

Philadelphia Consumer Protection Lawyers at the Harty Law Group Assist Consumers Harmed by Security Breaches

With several experienced attorneys who have represented clients, big and small, in complex consumer fraud cases, the Philadelphia consumer protection lawyers at the Harty Law Group can guide you in a thorough and competent manner. Located in Philadelphia and Haddonfield, New Jersey, we serve clients throughout Pennsylvania and New Jersey. For an initial consultation, call us at 267-383-3899 or contact us online.