Wawa Inc., a convenience store and gas station chain that was hacked in December, has acknowledged reports that criminals have put stolen card data up for sale on the dark web.
The Pennsylvania-based firm said it contacted its payment card processor, payment card brands and card issuer to make sure they were on heightened alert about fraud attempts.
Wawa said it was working closely with federal investigators to determine the scope of the breach.
The company, in an updated letter to customers, said it was confident that the malware that was discovered on its systems Dec. 10 was contained by Dec. 12 of last year. The company said that the breach involved only credit card payment data, however no debit card PIN codes, CVV2 numbers on the back of credit cards or other personal information was involved in the breach.
Wawa reminded customers to remain vigilant and to promptly report any unauthorized use of their cards. Wawa is offering customers access to free credit monitoring and ID theft insurance through Experian.
Wawa has 850 locations across Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Washington D.C. and Florida.
Cover image: iStock