Wawa customers are one step closer to receiving gift cards or cash payments as compensation for the convenience store chain's massive data breach in 2019.
Consumers who used their debit or credit cards at any Wawa store or fuel pump between March 4, 2019 and Dec. 12, 2019 are now eligible to file a claim and enter into the class action lawsuit.
Any Wawa customer who purchased items during the data breach, but did not suffer attempted or actual fraud, will be eligible to receive a $5 gift card. Tier One claimants will need to provide proof that a debit or credit card purchase was conducted at a Wawa store or gas pump during the data breach.
- MORE NEWS
- Dead whale found washed ashore on Barnegat Light beach
- SEPTA to increase service to nearly pre-pandemic levels
- Two new basketball courts honoring Kobe, Gianna Bryant coming to West Philly this fall
Tier Two claimants can receive a $15 gift card if they can present reasonable evidence of an actual or attempted fraudulent charge. Tier Three claimants are eligible to receive as much as $500 in cash reimbursements if they can provide reasonable proof that they lost money because of an attempted or successful malware attack.
Gift cards will be valid for one year and can be used toward any purchase except cigarettes and other tobacco or nicotine products. Gift cards also will be redeemable for fuel payments completed inside Wawa stores.
All claims must be submitted either online or through the mail by Nov. 29. Any customer who wishes to file a claim through the mail must send it to the third-party settlement administrator at the following address:
Wawa Consumer Data Settlement
P.O. Box 43502
Providence, RI 02940-3502
Customers can only submit one claim form and receive compensation from only one tier, regardless of the number of payment cards they used or transactions they made during the data breach. Claimants also give up their legal right to sue Wawa regarding the data breach.
A third-party administrator will oversee the distribution of gift cards and cash payments to customers. Gift cards and cash reimbursements are expected to be distributed to customers once the settlement receives final approval from a federal judge in January.
Wawa customers can opt out from the settlement if they do not wish to receive compensation or would like to retain their legal right to sue Wawa over the data breach. Customers can also stay in the class action settlement and argue via a written statement that the agreement shouldn't be approved. All opt-outs and objections must be submitted by Nov. 12.
Wawa has agreed to pay up to $9 million in gift cards and cash reimbursements to settle a class action lawsuit stemming from the convenience store chain's data breach two years ago. The settlement also mandates Wawa to invest an additional $35 million into upgrading its data security systems.
U.S. District Court Judge Gene E.K. Pratter gave preliminary approval to the agreement last month, the Inquirer reported. The federal judge also signed off on the 22 million settlement class members who qualify for a payout.
The preliminary approval allowed Wawa to formally begin notifying customers about the settlement process over a four-week period. Along with providing a link to the settlement site on its own website, the company has also been mandated to post signs at payment areas inside stores and at fuel pumps. All signs posted will include a QR code that can be scanned by customers using their smartphones. Once the code is scanned, customers will be automatically taken to the settlement website to file a claim.
Wawa discovered the data breach in December 2019, more than nine months after the hack began. The exposed information included cardholder names, numbers and expiration dates. Debit card pin numbers, credit card CVV2 numbers, ATM machines and driver's license info were not impacted.
Some of the confidential information was believed to be sold online by hackers. A class-action lawsuit was filed against Wawa within days of the breach being announced.
The data breach is believed to have impacted all Wawa locations and roughly 30 million sets of payment records. Malware was present on most convenience store payment systems by late April 2019, according to the company.
Wawa notified law enforcement agencies and payment card companies about the data breach shortly after its discovery. The convenience store chain has worked with an external forensics firm and law enforcement officials to conduct an investigation.
Wawa began rolling out an improved payment security method last year by installing card chip readers at gas pumps. The new card readers require customers to leave their cards in the machine for about 30 seconds to process the payment. The data transmitted using chip-enabled cards is encrypted and only a financial institution can un-encrypt it.
Follow Pat & PhillyVoice on Twitter: @Pat_Ralph | @thePhillyVoice
Like us on Facebook: PhillyVoice
Add Pat's RSS feed to your feed reader
Have a news tip? Let us know.