Multiple lawsuits seeking class action status have been filed in Philadelphia over a data breach at Wawa convenience stores, which affected 850 locations along the East Coast of the U.S., according to the Associated Press.
Wawa recently came forward with information that it found malware on its payment processing servers, and that it stopped the breach on Dec. 12. Wawa said the malicious software had been collecting credit and debit card information surreptitiously since March, as well as names of customers and other data.
There have been at least six lawsuits filed in federal court recently.
“The data breach was the inevitable result of Wawa’s inadequate data security measures and cavalier approach to data security,” said one suit, filed by Haverford law firm Chimicles Schwartz Kriner & Donaldson-Smith.
The stores affected reach from Pennsylvania to Florida, and fuel dispensers were compromised, but not ATMs. In response to the breaches, Wawa is offering free credit monitoring and identity theft prevention help.
The company said the police are involved and a forensics team is working on an investigation internally.
Massive data breaches are becoming more and more common as more information is moving online and to databases. In November, Canadian cooperative Desjardins Group revealed that a data breach impacted all of its 4.2 million members.
The incident was first discovered in June. The breach exposed personal information, social insurance numbers, addresses and spending habits of the company’s customers. Since July, the company said that all caisse members who do their banking with Desjardins in Quebec and Ontario have been safeguarded by its identity protection, which is provided free. In addition, Desjardins is extending Equifax credit monitoring service to all members.
“Since the privacy breach was first announced, we’ve made it clear that we intended to enhance the Desjardins identity protection service,” Guy Cormier, president and CEO of Desjardins Group, said in a press release.