Wawa agrees to pay $8 million for 2019 data breach – NBC10 Philadelphia
Wawa agreed to pay seven states $8 million after attorneys general sued the Delaware County convenience store chain over a hack that potentially exposed millions of people’s credit and debit cards to digital thieves, according to a statement from Attorney General Josh Shapiro on Tuesday.
Malware running on Wawa’s computer servers between April and December 2019 exposed more than 9.1 million payment cards to hackers, according to Shapiro’s office.
Pennsylvania will receive $2.5 million from the settlement. New Jersey and five other states will also receive payments. The money will go to the Attorney General’s office to pay, in part, for attorney and court fees. The settlement agreement did not specify whether any Wawa customers would receive any of the settlement money. A class action lawsuit was filed by customers in late December 2019 after the breach became public. The status of that lawsuit could not be immediately determined on Tuesday.
Wawa has also agreed to “develop, implement and maintain a comprehensive information security program…that is reasonably designed to protect the security, integrity and confidentiality of sensitive personal information that Wawa collects, stores, transmits and/or keeps”, according to the regulations.
“Today’s settlement will help protect the personal information of Pennsylvanians in the future and will hold Wawa accountable for the data breach that occurred under their watch,” Shapiro said. “Through this work, Wawa will adopt new corporate policies to deter data breaches in the future. Every company doing business in Pennsylvania must remain vigilant and protect their customers’ personal data or they will be required to respond to my desk.”