in Newswire Published on January 8, 2020

Lawsuit Claims Wawa Failed to Implement ‘Reasonable Security Procedures’ to Prevent Data Breach

by Seth Humeniuk

View Comments

Fisher v. Wawa, Inc.

Filed: December 30, 2019 § 2:19-cv-06179-GEKP

Read Complaint

Wawa faces a proposed class action that claims the convenience store chain failed to protect customers’ payment information from hackers.

Defendant(s)

Wawa, Inc.

Law(s)

State(s)

Pennsylvania

Categories

Privacy Data Breach

A proposed class action alleges Wawa, Inc. failed to protect customer payment information and timely inform those affected by a 2019 data breach that hit the payment terminals and fuel dispensers at the convenience store chain’s more than 850 locations.

Wawa discovered malware on its payment processing systems on December 10, 2019 and announced the discovery via press release on December 19, the lawsuit says. The company determined that the malware was most likely active since at least March and exposed the personally identifiable information, such as credit card numbers and expiration dates, of customers who used payment terminals at “potentially all Wawa locations.”

The case claims that Wawa failed to protect customers’ highly sensitive personal information when it neglected to “implement and maintain reasonable security procedures and processes.” Moreover, the plaintiff takes issue with Wawa’s failure to directly notify affected parties of the breach outside of issuing a press release. While the malware behind the breach hit Wawa store systems as early as March 2019, the lawsuit says, the company did not detect the intrusion until roughly nine months later, leaving consumers’ data vulnerable during that time.

“Without detailed disclosures to its customers, Plaintiff and other members of the class were unknowingly and unwittingly left exposed to continued misuse and the ongoing risk of misuse of their personal data for months,” the suit states.

According to the case, had Wawa provided timely notice of the data breach, proposed class members would have been able to take the steps needed to protect their information.

Instead, as a result of the defendant’s alleged negligence, the case claims, Wawa customers remain susceptible to identity theft and may be forced to spend time and money monitoring their accounts and remedying any potential fraud for years to come. As the case tells it:

“A consumer who has had [personally identifiable information] stolen and compromised may not see the full extent of harm until years after the initial data breach.”

The lawsuit looks to represent all persons in the U.S. who provided Wawa with personally identifiable information that was accessed, compromised, or stolen as a result of the breach.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on January 8, 2020 — 3:37 PM

Seth Humeniuk

Seth Humeniuk is the Junior Content Writer for ClassAction.org.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.