Wawa Data Breach: A Lesson in the Consequences of Data Security Failure
We can all learn a lesson from the Wawa data breach. This U.S.-based convenience store is an East Coast cult favourite.
While the United States has no federally mandated consumer data privacy regulations, organisations still have a responsibility to protect customers’ sensitive data. Not doing so can have long-term consequences, as demonstrated by Wawa.
The Wawa Data Breach
In December 2019, Wawa announced a widespread data breach affecting Point of Sale card reader systems at many of its 850 store locations. This exposed customers’ financial data and other sensitive information.
Since then, the company has been plagued by a flurry of lawsuits from consumers and credit unions alleging negligence in the retailer’s payment card security practices.
According to the latest credit union suits, the retailer allegedly failed to adhere to the Payment Card Industry Data Security Standard (PCI DSS) with its practice of swiping cards rather than scanning chips. In doing so, it opened the door for fraudsters to steal customers’ payment card details. As a result, the retailer could now face losing millions to settle related lawsuits.
Although most U.S. retailers may not be subject to government fines in response to a data breach, that certainly doesn’t mean there are no consequences. And those consequences can be costly ones, at that.
According to PCI Pal research, 70% of consumers will leave a brand for several months or even permanently in the event of a data breach. This can result in long-term revenue losses.
And while companies won’t be fined for a data breach in most of the United States, they can still be subject to hefty legal settlements. In fact, after its infamous breach in 2017, Equifax was sued by the Federal Trade Commission for over $400 million to help those affected by the breach. That is more than any GDPR fine to date.
Particularly after a difficult year, a data breach – or a lawsuit – is the last thing any organisation needs. To avoid costly legal settlements, data security is a must, even if it may not be legally required.
If you’re looking to secure customer payment data, contact PCI Pal today to learn how our cloud-based secure payment solutions can help.