PHILADELPHIA - Wawa has announced a data security incident that lasted over a more than nine-month time frame in 2019.
The company is notifying potentially-impacted individuals about the data breach, officials said Thursday.
According to the Delaware County-based convenience store chain, the incident affected customer payment card information used at potentially all locations.
It was limited to payment card information, including debit and credit card numbers, expiration dates and cardholder names, but does not include PIN numbers or CVV2 numbers, the company's news release states.
"At this time, Wawa is not aware of any unauthorized use of any payment card information as a result of this incident," the company says.
The release goes on to state:
"Wawa's information security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019. After discovering this malware, Wawa immediately engaged a leading external forensics firm and notified law enforcement. Based on Wawa's forensic investigation, Wawa now understands that this malware began running at different points in time after March 4, 2019. Wawa took immediate steps after discovering this malware and believes it no longer poses a risk to customers."
ATM cash machines in Wawa stores were not impacted by this incident, the company says.
Customers are being offered identity protection and credit monitoring services at no charge to them. Information about how to enroll can be found on the Wawa website, along with a letter from the company's CEO. The company says it has also set up a dedicated call center that can be reached at 1-844-386-9559 weekdays from 9 a.m. and 9 p.m. Eastern, or Saturday and Sunday between 11 a.m. and 8 p.m., excluding holidays.
The chain has 850 locations in Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Washington, D.C., and Florida.
Wawa is a sponsor of FOX 29.
For the latest local news, sports and weather, download the FOX 29 News app.
DOWNLOAD: FOX 29 NEWS APP