April 26, 2022 – Wawa Settlement Receives Final Approval
The judge overseeing the litigation detailed on this page has granted final approval to the data breach settlement affecting Wawa customers.
The April 20 final approval order comes after U.S. District Judge Gene E.K. Pratter overruled two objections at the January 26 fairness hearing.
Those covered by the deal—which does not pertain to the claims of former or current Wawa employees whose personal information other than payment card data was exposed in the breach—should expect to receive their gift cards or payments shortly, as long as no appeals are filed. Gift cards will be sent via email and checks will be mailed.
August 31, 2021 – File a Claim: Wawa Data Breach Settlement Website Is Live
The official website for the Wawa data breach class action is live and can be found here:
Those covered by the settlement—i.e., consumers who used a payment card at a Wawa between March 4 and December 12, 2019—can file a claim for compensation right here.
These individuals can opt to either file a claim online or print out the claim form and mail it in to the settlement administrator using the instructions provided on the site. All claims must be submitted online or postmarked by November 29, 2021.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
August 2, 2021 – Settlement Granted Preliminary Approval
The judge overseeing the Wawa data breach litigation has preliminarily approved the proposed settlement discussed below.
According to a memo issued July 30, the settlement will cover all U.S. residents who used a credit or debit card at a Wawa location anytime between March 4, 2019 and December 12, 2019.
The settlement includes three tiers of relief and will provide:
$5 Wawa gift cards for those who spent time monitoring their payment cards as a result of the breach;
$15 Wawa gift cards for those who experienced fraud and spent at least some time addressing the fraudulent transaction or monitoring their accounts;
Up to $500 cash for those who can demonstrate that they incurred out-of-pocket losses due to the breach.
Also included as part of the deal is a requirement that Wawa strengthens its data security systems and payment terminals in order to prevent future data breaches. The security upgrades are estimated to cost at least $35 million.
Now that the settlement has received preliminary approval, a dedicated settlement website will be set up by August 30. Those covered by the deal must file claims by November 29, 2021.
A final approval hearing has been scheduled for January 26, 2022.
February 24, 2021 – Wawa Data Breach Litigation Settled for Up to $12 Million
Wawa has agreed to pay up to $12 million to settle multidistrict litigation over a 2019 data breach in which customers’ credit and debit cards were compromised.
The proposed settlement, which awaits preliminary approval from a judge, allows eligible Wawa customers to file a claim for one of three tiers of compensation, ranging from gift cards to cash for those who can demonstrate they incurred expenses as a result of the incident. Court filings state 22 million Wawa customers may be eligible for compensation through the settlement.
A more detailed write-up of the proposed deal can be found over on ClassAction.org’s blog.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Since announcing in December 2019 that its payment systems suffered a malware-inflicted data breach, Wawa, Inc. has been inundated withpotential class action litigation. The Pennsylvania-headquartered convenience store and gas station heavyweight has been hit with no fewer than 11 lawsuits brought in federal courts over its allegedly negligent handling of customers’ credit and debit card information.
The lawsuits aim to take Wawa to task for its alleged failure to properly safeguard consumers’ names, credit and debit card numbers and expiration dates, and other personally identifiable data collected by the company during purchases. The suits also decry Wawa for allegedly failing to provide those affected by the breach with “timely, accurate, and adequate” notice that their data had been compromised, including details on precisely what types of information were stolen from the systems at the company’s roughly 850 locations.
The data breach began around March 4, 2019 and continued through December 10, leaving Wawa customers’ data available to hackers for almost 10 months before the incident was fully contained around December 12, the complaints say. In its statement announcing the cyberattack, Wawa specified that the malware affecting its systems was rolled out gradually, with “most store systems” hit by April 22, 2019.
One lawsuit claims Wawa serves roughly 400,000,000 customers per year, meaning “nearly 1/3 of a billion customers” were served by the company during the period in which the data breach took place. To date, Wawa has not elaborated on how hackers gained access to its payment processing systems or on how the breach was able to continue undetected for the better part of a calendar year.
Wawa had a commitment to protect customers’ data, the cases continue, and could have prevented the hack with sufficient safeguards and timely data monitoring procedures in place. The complaints stress that consumers affected by the data breach are now at a heightened risk of fraud and identity theft and must spend time and resources toward safeguarding, monitoring and hopefully mitigating any threat to their privacy.
The proposed class actions filed over the Wawa data breach obtained by ClassAction.org are listed below. This page will be updated in the event any more cases are filed.