ZoomBackgrounds Wawa Store

Wawa to pay Delaware 450K over 2019 data breach

Charles MegginsonHeadlines, Business

Attorney General Kathy Jennings said Wawa Inc. failed to take reasonable security measures to prevent such a data breach and therefore violated state consumer protection and personal information protection laws. 

Wawa Inc.

Delaware will receive $450,000 out of an $8 million multi-state settlement with a Pennsylvania-based convenience store chain after a data breach compromised some 34 million payment cards.

Attorney General Kathy Jennings said Wawa Inc. failed to take reasonable security measures to prevent such a data breach and therefore violated state consumer protection and personal information protection laws. 

Under the settlement, Wawa will not have to admit wrongdoing or liability. 

According to Jennings, the data breach occurred after hackers gained access to Wawa’s computer network through a phishing attack in late 2018 and later deployed malware on Wawa’s point-of-sale terminals. 

The malware extracted Wawa customers’ sensitive payment card information between April 18, 2019, and Dec. 12, 2019, affecting stores in each of the six states where Wawa operates — New Jersey, Pennsylvania, Florida, Delaware, Maryland, and Virginia — as well as Washington, D.C. 

Approximately 1.2 million cards were used in Delaware during the time of the breach. 

“This was excellent work by our Consumer Protection Unit and fellow Attorneys General offices,” Jennings said. “We will continue to hold businesses like Wawa accountable for their duty to protect our entrusted information from unlawful use or disclosure.” 

In addition to the $8 million settlement, Wawa has agreed to implement the following security measures to prevent a data breach from happening again:

  • Maintaining a comprehensive information security program designed to protect consumers’ sensitive personal information; 
  • Providing resources necessary to fully implement the company’s information security program; 
  • Providing appropriate security awareness and privacy training to all personnel who have key responsibilities for implementation and oversight of the information security program. 

According to Jennings, the settlement with Wawa is the Department of Justice’s third largest since she took office, behind settlements with Target and The Home Depot.

RELATED STORIES:

Appo school board candidates meet public; one no-show04/24/2024
Appo's referendum successful after second attempt04/23/2024
Dela-brity Chef Robbie Jester is back on TV04/23/2024

Share this Post