The malware was discovered in Wawa’s payment processing servers, and it’s believed that all convenience store locations were affected. The stolen information includes names and credit card numbers, among other data.
Wawa CEO Chris Gheysens said that all of the company’s 842 stores in the United States had malware installed in the point-of-sale systems for almost 10 months. In that period, the hackers managed to steal credit card and debit card numbers, expiration dates and names.
The company determined that the incident started on March 4 and only ended on December 14, 2019. Interestingly, even if all of the stores were infected by the malware, not all of them accessed had data leaks.