"Wawa Agrees to Payment, Security Changes for '19 Data Breach"

Authorities announced Tuesday that a Pennsylvania-based convenience store chain will pay $8 million to several states over a 2019 data breach involving some 34 million payment cards.  The Pennsylvania attorney general’s office stated that Wawa Inc. did not take reasonable security measures to prevent hackers from installing malware that is thought to have collected card numbers, customer names, and other data.  Wawa stated that in December 2019, its information security team discovered the malware.  Two days later, they were able to stop the breach, which affected hundreds of Wawa locations along the East Coast, from Pennsylvania to Florida.  In-store payments and payments at fuel dispensers were affected, but ATMs were not.  On Tuesday, Wawa said it notified authorities, cooperated with investigators, and assisted those affected by the breach.  Pennsylvania Attorney General Josh Shapiro noted Wawa has agreed to new policies to toughen its security efforts to combat data breaches.  The settlement was made with attorneys general in Delaware, Florida, Maryland, New Jersey, Pennsylvania, Virginia, and Washington, D.C.

SecurityWeek reports: "Wawa Agrees to Payment, Security Changes for '19 Data Breach"