WAWA, Pa. (WCBS 880) -- The Wawa convenience store chain says a data breach may have exposed the debit and credit card info of thousands of its customers at "potentially all" its locations.
Wawa says the breach targeting the company’s payment processing servers could affect anyone who bought something from Wawa between March 4 and Dec. 12.
The breach appears to have affected all of Wawa's 850 locations, but Wawa says it doesn't know exactly how many customers were hit.
Wawa CEO Chris Gheysens wrote a letter to customers, apologizing and detailing what happened.
"I am very sorry to share with you that Wawa has experienced a data security incident. Our information security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019," Gheysens wrote in a letter to customers Thursday.
Gheysens says malware attached itself to the servers the company uses to process debit and credit transactions, which means it may have gotten ahold of a lot of information, including debit and credit card numbers, cardholder names and expiration dates.
Laura was picking up coffee at a Wawa in Hackensack on Friday morning. She told WCBS 880 that she works in IT and that she is well aware of the risks. She said she’s relieved she never used her credit card at a Wawa.
“Honestly, what you should be using your credit card or your MAC card for is really just to get cash out of the bank,” she said.
The company says it has yet to hear about any unauthorized activity as a result of the breach, but it is still offering customers some help in the form of free credit monitoring and identity theft protection services.