Convenience store's data breach could touch hundreds of credit unions

Register now

The convenience store chain Wawa has been the victim of a data breach impacting more than 850 locations.

The Pennsylvania-based chain is anchored in the mid-Atlantic region, with locations in Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Washington and Florida. More than 500 credit unions are based in Pennsylvania and New Jersey alone, meaning the breach could have a far-reaching impact on members in those states.

Customers’ credit and debit card information is believed to have been exposed since March though the breach was not discovered until Dec. 10 and not contained until two days later. The number of consumers impacted has not yet been released.

Information involved in the breach included payment card information, expiration dates, cardholder names and more, though PINs, card security codes and driver’s license data was not touched.

Wawa has contracted with Experian to provide one year of free credit monitoring and identity theft protection for consumers who may have been affected.

The fight for data security was one of the dominant issues for credit unions throughout the 2010s as the industry pushed lawmakers to enact federal data security regulations that would hold merchants to the same standards as the financial institutions that lose money after a retailer’s data breach. A federal standard has not yet been implemented, but some states – led by California – have put measures in place that could force Congress to pick up the pace.

For reprint and licensing requests for this article, click here.
Data breaches Cyber security Data security Malware Cyber attacks Pennsylvania