Wawa Swamped with Class Action Lawsuits Following Data Breach Disclosure [UPDATE]

New to ClassAction.org? Read our Newswire Disclaimer

Since announcing in December 2019 that its payment systems suffered a malware-inflicted data breach, Wawa, Inc. has been inundated with potential class action litigation. The Pennsylvania-headquartered convenience store and gas station heavyweight has been hit with no fewer than 11 lawsuits brought in federal courts over its allegedly negligent handling of customers’ credit and debit card information.

The lawsuits aim to take Wawa to task for its alleged failure to properly safeguard consumers’ names, credit and debit card numbers and expiration dates, and other personally identifiable data collected by the company during purchases. The suits also decry Wawa for allegedly failing to provide those affected by the breach with “timely, accurate, and adequate” notice that their data had been compromised, including details on precisely what types of information were stolen from the systems at the company’s roughly 850 locations.

The data breach began around March 4, 2019 and continued through December 10, leaving Wawa customers’ data available to hackers for almost 10 months before the incident was fully contained around December 12, the complaints say. In its statement announcing the cyberattack, Wawa specified that the malware affecting its systems was rolled out gradually, with “most store systems” hit by April 22, 2019.

One lawsuit claims Wawa serves roughly 400,000,000 customers per year, meaning “nearly 1/3 of a billion customers” were served by the company during the period in which the data breach took place. To date, Wawa has not elaborated on how hackers gained access to its payment processing systems or on how the breach was able to continue undetected for the better part of a calendar year.

Wawa had a commitment to protect customers’ data, the cases continue, and could have prevented the hack with sufficient safeguards and timely data monitoring procedures in place. The complaints stress that consumers affected by the data breach are now at a heightened risk of fraud and identity theft and must spend time and resources toward safeguarding, monitoring and hopefully mitigating any threat to their privacy.

The proposed class actions filed over the Wawa data breach obtained by ClassAction.org are listed below. This page will be updated in the event any more cases are filed.