i
In late July, it was announced that an $8 million settlement was reached with Wawa, Inc. as a result of a 2019 data breach that compromised approximately 34 million cards used at Wawa stores in each of the seven states and districts where Wawa operates—New Jersey, Pennsylvania, Florida, Delaware, Maryland, Virginia, and the District of Columbia. The agreement is the third largest credit card breach settlement with state attorneys following Target’s $18.5 million settlement in 2017 and Home Depot’s $17.5 million settlement in 2020. Virginia’s share of the settlement is $682,432.14.
This breach happened after hackers gained access to Wawa’s computer network in late 2018 through a phishing attack and later deployed malware on Wawa’s point-of-sale terminals and fuel dispensers, allowing access to customer data. The malware extracted customers’ sensitive credit and debit card information between April 18, 2019 and December 12, 2019. Virginia’s Attorney General and the other participating states’ attorneys allege that Wawa did not utilize reasonable information security measures to prevent the data breach and thus violated state consumer protection and personal information protection laws.
In addition to the $8 million total payment to the states and D.C., Wawa has agreed to implement the following information security practices:
Wawa has also faced consolidated litigation by consumers, employees, and financial institutions over the data breach. This settlement is a stark reminder of the need for companies to diligently implement and utilize security measures to protect consumer data. As many experts say, it is a matter of “when,” not “if,” a cybersecurity incident will hit a business.
Worried about the implications of your business experiencing a data breach? The Parks Zeigler Cybersecurity and Data Privacy team can educate and advise you and your business on what data you possess, the regulatory and legal responsibilities as to that data, and how to implement policies and procedures to ensure you are protecting that data and following all applicable laws. Contact us today at at 888-904-2951 to schedule a consultation.Let Us Help! Call us on 888-691-9319 or fill out this quick form and we will contact you within 24 hours!
Parks Zeigler, PLLC – Attorneys At Law
N/a