Customers affected by Wawa’s 2019 data breach are now able to file a claim online as part of the $9 million settlement in the class-action lawsuit against the company.
People who file a claim may be given either a Wawa gift card or cash as part of the company’s three-tier compensation system. The data breach potentially exposed people’s credit and debit card information at hundreds of Wawa locations.
Wawa announced in December of 2019 that malware began running at its stores starting in early March of the same year. In January of last year, it announced there were reports of attempts to sell customer information.
Affected customers are eligible to file a claim if they used a credit or debit card at a Wawa between March 4, 2019 and Dec. 12, 2019. The online claims form can be found here.
Get top local stories in Philly delivered to you every morning. >Sign up for NBC Philadelphia's News Headlines newsletter.
The breakdown of the tiered compensation system is as follows:
- Tier one: Customers who: (a) made a credit or debit card purchase at Wawa during the period of the breach, (b) did not suffer attempted or actual fraud on their card and (c) spent at least some time monitoring their accounts as a result of the Data Security Incident.
- Compensation: $5 Wawa gift card
- Tier two: Customers who: (a) made a credit or debit card purchase at Wawa during the period of the breach, (b) can provide reasonable proof of an actual or attempted fraudulent charge on their card after that transaction and (c) spent at least some time monitoring their accounts as a result.
- Compensation: $15 Wawa gift card
- Tier three: Customers who: (a) made a credit or debit card purchase at Wawa during the period of the breach and (b) can provide reasonable documentary proof of money they lost or spent out-of-pocket in connection with an actual or attempted fraudulent transaction on the card that is reasonably attributable to the breach.
- Compensation: Cash reimbursement of up to $500
As part of the settlement, Wawa also agreed to make at least $35 million worth of security enhancements.
Local
Breaking news and the stories that matter to your neighborhood.
Sensitive information exposed during the data breach included card numbers, expiration dates and cardholder names at more than 860 locations throughout the East Coast, the company said. The plaintiffs alleged Wawa failed to notify individual customers about the breach, relying only on an open letter posted to its website.
At the time, Wawa CEO Chris Gheysens apologized "deeply to all of you, our friends and neighbors, for this incident,” and the company offered customers one year of free credit monitoring and identity theft protection.
In a statement following the settlement agreement, Wawa pledged to enhance cybersecurity and said in part, “We are focused on a timely resolution for Wawa customers who may have been affected by this incident, and this settlement allows us to just do that."