Wawa Agrees to Pay Customers Up to $9 Million Over Data Breach

MEDIA, Pa. — A little more than a year after detecting a data breach, Wawa Inc. agreed to a settlement with its customers.

Under the class-action settlement, the convenience retailer will pay affected customers $9 million and spend $35 million to upgrade its cybersecurity, The Philadelphia Inquirer reported.

The proposed settlement, filed with federal court on Feb. 19, provides for relief in the form of Wawa gift cards capped at $8 million in aggregate, cash reimbursements of out-of-pocket costs capped at $1 million in aggregate, as well as significant data security enhancements to Wawa's systems, according to an announcement from Haverford, Pa.-based law firm Chimicles Schwartz Kriner & Donaldson-Smith LLP (CSK&D).

Wawa customers who used credit or debit cards at the retailer's stores or fuel pumps between March 4, 2019 and Dec. 12, 2019 are eligible for relief. The amount varies depending on how individual customers were affected.

To read the full settlement announcement, click here.

Wawa spokesperson Lori Bruce told The Philadelphia Inquirer that under the plan, a third-party administrator will oversee the gift cards and payments. It will name the administrator once the plan is approved.

Under the plan, the c-store retailer will pay an additional $3.2 million to cover administration costs, as well as pay attorney fees and expenses, among other costs, the news outlet added.

In an open letter to customers in December 2019, Wawa CEO Chris Gheysens said malware affected payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained on Dec. 12, as Convenience Store News previously reported.

In the settlement announcement last week, CSK&D said data security incident that impacted all Wawa c-stores and fuel pumps.

Pennsylvania-based Wawa operates 920 c-stores in Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida and Washington, D.C.