Wawa Swamped with Class Action Lawsuits Following Data Breach Disclosure [UPDATE]
Last Updated on February 24, 2021
Williams v. Wawa, Inc.
Filed: January 6, 2020 ◆§ 2:20-cv-00100
Wawa has been hit with a number of proposed class action lawsuits over a 2019 data breaching affecting the company's roughly 850 locations.
Case Updates
February 24, 2021 – Wawa Data Breach Litigation Settled for Up to $12 Million
Wawa has agreed to pay up to $12 million to settle multidistrict litigation over a 2019 data breach in which customers’ credit and debit cards were compromised.
The proposed settlement, which awaits preliminary approval from a judge, allows eligible Wawa customers to file a claim for one of three tiers of compensation, ranging from gift cards to cash for those who can demonstrate they incurred expenses as a result of the incident. Court filings state 22 million Wawa customers may be eligible for compensation through the settlement.
A more detailed write-up of the proposed deal can be found over on ClassAction.org’s blog.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Since announcing in December 2019 that its payment systems suffered a malware-inflicted data breach, Wawa, Inc. has been inundated with potential class action litigation. The Pennsylvania-headquartered convenience store and gas station heavyweight has been hit with no fewer than 11 lawsuits brought in federal courts over its allegedly negligent handling of customers’ credit and debit card information.
The lawsuits aim to take Wawa to task for its alleged failure to properly safeguard consumers’ names, credit and debit card numbers and expiration dates, and other personally identifiable data collected by the company during purchases. The suits also decry Wawa for allegedly failing to provide those affected by the breach with “timely, accurate, and adequate” notice that their data had been compromised, including details on precisely what types of information were stolen from the systems at the company’s roughly 850 locations.
The data breach began around March 4, 2019 and continued through December 10, leaving Wawa customers’ data available to hackers for almost 10 months before the incident was fully contained around December 12, the complaints say. In its statement announcing the cyberattack, Wawa specified that the malware affecting its systems was rolled out gradually, with “most store systems” hit by April 22, 2019.
One lawsuit claims Wawa serves roughly 400,000,000 customers per year, meaning “nearly 1/3 of a billion customers” were served by the company during the period in which the data breach took place. To date, Wawa has not elaborated on how hackers gained access to its payment processing systems or on how the breach was able to continue undetected for the better part of a calendar year.
Wawa had a commitment to protect customers’ data, the cases continue, and could have prevented the hack with sufficient safeguards and timely data monitoring procedures in place. The complaints stress that consumers affected by the data breach are now at a heightened risk of fraud and identity theft and must spend time and resources toward safeguarding, monitoring and hopefully mitigating any threat to their privacy.
The proposed class actions filed over the Wawa data breach obtained by ClassAction.org are listed below. This page will be updated in the event any more cases are filed.
Before commenting, please review our comment policy.