After a data breach that affected 34 million payment cards used at Wawa c-stores in 2019, Wawa will settle for $8 million to end the investigation, reported Reuters. The chain has since promised to strengthen its data security practices.
Following Target’s $18.5 million deal in 2017 and Home Depot’s $17.5 million agreement in 2020, Wawa’s settlement is the third largest card breach settlement with attorneys general, according to a statement by Attorney General John Shapiro.
The breach occurred when hackers infiltrated Wawa’s point-of-sale payment systems and deployed malware on its terminals and fuel dispensers, allowing them to access payment and card data. According to the agreement, Wawa has not admitted any wrongdoing.
However, the attorneys general claimed that Wawa didn’t have reasonable security measures in place. In addition to Pennsylvania and New Jersey, the group of attorneys general are from Delaware, Florida, Maryland, New Jersey, Virginia and Washington, D.C. The settlement will be divided, and each will receive different amounts from the total of $8 million.
Wawa has also faced consolidated litigation by consumers, employees and financial institutions over the data breach. A federal judge in Pennsylvania gave final approval to a $9 million settlement of the consumer claims in April, with an additional $3.2 million for legal fees and expenses.
Wawa, Inc., a privately held company, began in 1803 as an iron foundry in New Jersey. Wawa stores are located in Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida and Washington, D.C. The stores offer a large fresh foodservice selection, including Wawa brands such as custom-prepared hoagies, freshly brewed coffee, hot breakfast sandwiches, specialty beverages and an assortment of soups, sides and snacks.