New Jersey Woman Sues Wawa Over Massive Data Breach

PHILADELPHIA (CBS) — A New Jersey woman is suing Wawa after the company announced a massive data breach potentially affecting all 850 locations. In a class action lawsuit, Tabitha Hans-Arroyo alleges that her credit card information was compromised in the breach and was then used to make fraudulent charges.

Hans-Arroyo says she received an email from Capital One on Christmas Eve, notifying her of a $2,535.15 purchase on Hans-Arroyo called Capital One and said the charge was fraudulent and that her information had been compromised.

Capital One’s call center notified the plaintiff that her information was compromised in the Wawa data breach, according to a copy of the lawsuit.

Hans-Arroyo, of Woodbury Heights, claims to have used her credit card at various Wawa locations “on a near-daily basis during the data breach window.”

She is suing to recover damages “caused by Wawa’s negligence, breach of contract and violations of state consumer protection statutes,” according to the lawsuit.

According to Wawa, the malware began running from March 4, 2019 and was detected on Dec. 12. It’s believed that it was contained by Dec. 12.

That means that customers who used their credit or debit cards between March 4 and Dec. 12 in-store and at fuel dispensers are vulnerable.

ATM machines, PIN numbers and security codes were not compromised in the attack.

According to Wawa, they believe the malware no longer poses a risk to card-paying customers.

Wawa is offering customers one year of free identity theft protection and credit monitoring. Concerned customers can call 1-844-386-9559 about the services.