Gas station and convenience store chain — Wawa — has revealed that a card-skimming malware was found on its point-of-sale (POS) systems.
In an open letter to customers, Wawa CEO Chris Gheysens said the company discovered the malware on December 10.
Even though the malware has since been removed, Wawa’s systems have been compromised since March. And, apparently, the malware affected “all Wawa locations.”
Wawa’s ATM’s were not affected, but credit and debit cards used between March 4 and December 12 were potentially compromised.
According to Gheysens, the malware could have affected credit and debit card numbers, expiration dates and cardholder names on cards used at in-store cash registers or gas pumps.
On the plus side, debit card PIN numbers, credit card, other PIN numbers, and driver’s license information, were not affected.
Wawa is offering free identity theft protection and credit monitoring at no charge to its customers.