Whether you go to Wawa and pay with plastic for gas, hoagies, coffee or anything else, you may have been affected by a data breach that exposed customers’ credit and debit card numbers. The convenience-store chain discovered malware Dec. 10 on its payment processing servers that exposed customer payment card information since March 4, CEO Chris Gheysens wrote in an open letter to customers. ATM machines in the store, however, were not at risk, the store said. The malware was contained by Dec. 12.
If you think you may have been affected, here’s what to do:
Wawa will pay for a year of identity theft protection and credit monitoring. Go to the Experian IdentityWorks website to enroll: https://www.experianidworks.com/credit or call 1-844-386-9559, 9 a.m. to 9 p.m. weekdays or 11 a.m. to 8 p.m. weekends, excluding holidays (Dec. 24, 25, 31 and Jan. 1 and 20). The activation code for the free service is 4H2H3T9H6.
The breach appears to have begun as early as March 2019, so look back at statements for anything that looks like an unauthorized charge. If you find anything, call the number on the back of your payment card to notify the company. Under federal law and card company rules, customers who notify their payment card company in a timely manner upon discovering fraudulent charges will not be responsible for those charges.
Upon enrolling in the Experian service (Step 1) you will have access to activity on your credit report. Plus, U.S. residents are entitled to one free credit report annually from each of the three nationwide consumer reporting agencies. Visit www.annualcreditreport.com or call toll-free at 1-877-322-8228.
Wawa is hardly alone. Companies around the world have been hit with massive data breaches that have exposed the personal information of hundreds of millions of consumers in recent years. Businesses are starting to spend more money on data security, but consumers are still at risk, privacy experts say. Paying in cash is one way to avoid having your personal information stolen.