Wawa Data Breach: A Lesson in the Consequences of Data Security Failure

Blog
12 January 2021

We can all learn a lesson from the Wawa data breach. This U.S.-based convenience store is an East Coast cult favourite.

While the United States has no federally-mandated consumer data privacy regulations, organisations still have a responsibility to protect customers’ sensitive data. Not doing so can have long-term consequences, as demonstrated by Wawa.

The Wawa Data Breach

In December 2019, Wawa announced a widespread data breach affecting Point of Sale card reader systems at many of its 850 store locations. This exposed customers’ financial data and other sensitive information.

Since then, the company has been plagued by a flurry of lawsuits from consumers and credit unions claiming negligence for the retailer’s payment card security practices.

According to the latest credit union suits, the retailer allegedly failed to adhere to the Payment Card Industry Data Security Standard (PCI DSS) with its practice of swiping cards rather than scanning chips. In doing so, it opened the door for fraudsters to steal customers’ payment card details. As a result, the retailer could now face losing millions to settle related lawsuits.

 

Costly Consequences

Although most U.S. retailers may not be subject to government fines in response to a data breach, that certainly doesn’t mean there aren’t consequences. And these consequences can be potentially costly ones, at that.

According to  PCI Pal research, 70% of consumers will leave a brand for several months or even permanently in the event of a data breach. This can result in long-term revenue losses.

And while companies won’t be fined for a data breach in most of the United States, they can still be subject to hefty legal settlements. In fact, after Equifax’s infamous breach in 2017, they were sued by the Federal Trade Commission for over $400 million to help those affected by the breach. That is more than any GDPR fine to date.

Particularly after a difficult year, a data breach – or a lawsuit – is the last thing any organisation needs. To avoid costly legal settlements, data security is a must, even if you may not be legally required to do so.

If you’re looking to secure customer payment data, contact PCI Pal today to learn how our cloud-based secure payment solutions can help.

View more Blogs Knowledge Centre

How can we help you?

Get in touch today to discuss our solutions and your specific requirements.

Contact us

Sign up for Knowledge Centre notifications

Never miss the latest blog, news, podcast or event. Sign up to be notified when we publish something new.

notify me

You may also be interested in

POS malware contact centre
Blog
Security risk: Are you still using POS terminals in your contact centre?
Security risk: Are you still using POS terminals in your contact centre?
With news that cybercriminals have used point-of-sale (POS) malware to steal details of more than 167,000 credit cards from payment terminals, we shine a spotlight on the security shortfalls associated with processing payments via POS terminals in the contact centre.
Read more
Marriott Data Breach
Blog
Hotel stay booked for the summer? Make sure you don’t leave your data behind!
Hotel stay booked for the summer? Make sure you don’t leave your data behind!
Marriott recently suffered a social engineering attack that resulted in a breach of hundreds of guests' credit card numbers. Could descoping
Read more
eBook
This is Canada 2022: The State of Security through the Eyes of Canadian Consumers Today
This is Canada 2022: The State of Security through the Eyes of Canadian Consumers Today
In December 2021, PCI Pal commissioned AYTM, a market research organisation, to survey 1,100 consumers resident in Canada to uncover Canadian’s sentiments towards and behaviours around data security.
Read more
European Manufacturer inside store
Success story
Retail – Secure Payments for Leading European Furniture Manufacturer
Retail – Secure Payments for Leading European Furniture Manufacturer
Discover how this organisation is offering a smooth multichannel experience to its customers without compromising on PCI DSS requirements.
Read more

More related content

Chat with us