Skip to main content

Wawa Data Breach: A Lesson in the Consequences of Data Security Failure

We can all learn a lesson from the Wawa data breach. This U.S.-based convenience store is an East Coast cult favorite.

While the United States has no federally-mandated consumer data privacy regulations, organizations still have a responsibility to protect customers’ sensitive data. Not doing so can have long-term consequences, as demonstrated by Wawa.

The Wawa Data Breach

In December 2019, Wawa announced a widespread data breach affecting Point of Sale card reader systems at many of its 850 store locations. This exposed customers’ financial data and other sensitive information.

Since then, the company has been plagued by a flurry of lawsuits from consumers and credit unions claiming negligence for the retailer’s payment card security practices.

According to the latest credit union suits, the retailer allegedly failed to adhere to the Payment Card Industry Data Security Standard (PCI DSS) with its practice of swiping cards rather than scanning chips. In doing so, it opened the door for fraudsters to steal customers’ payment card details. As a result, the retailer could now face losing millions to settle related lawsuits.


Costly Consequences

Although most U.S. retailers may not be subject to government fines in response to a data breach, that certainly doesn’t mean there aren’t consequences. And these consequences can be potentially costly ones, at that.

According to  PCI Pal research, 70% of consumers will leave a brand for several months or even permanently in the event of a data breach. This can result in long-term revenue losses.

And while companies won’t be fined for a data breach in most of the United States, they can still be subject to hefty legal settlements. In fact, after Equifax’s infamous breach in 2017, they were sued by the Federal Trade Commission for over $400 million to help those affected by the breach. That is more than any GDPR fine to date.

Particularly after a difficult year, a data breach – or a lawsuit – is the last thing any organization needs. To avoid costly legal settlements, data security is a must, even if you may not be legally required to do so.

If you’re looking to secure customer payment data, contact PCI Pal today to learn how our cloud-based secure payment solutions can help.

How can we help you?

Get in touch today to discuss our solutions and your specific requirements.

Sign up for Knowledge Centre notifications

Never miss the latest blog, news, podcast or event. Sign up to be notified when we publish something new.

Chat with us