NEW JERSEY – A wave of emails offering Wawa eGift Cards as part of a data breach settlement is legitimate, according to details released about the long-running case.
The message, sent with the subject line “Wawa Settlement eGift Card,” includes a link for recipients to access a digital gift card tied to a $9 million settlement stemming from a payment-system breach that occurred between March 4 and December 12, 2019. During that period, malware on Wawa’s payment servers exposed credit and debit card numbers, expiration dates and cardholder names used at the company’s stores and fuel pumps.
Wawa’s IT team identified the malware on December 10, 2019 and fully contained the issue two days later.
Under the settlement terms, customers who used a payment card during the affected timeframe received compensation based on the level of fraudulent activity. Those who experienced unauthorized charges were issued a $5 card, while individuals whose banks reversed fraudulent transactions were granted $15. Customers who incurred out-of-pocket losses or related expenses received $500.
Recipients must click the link in the email to claim their eGift Card, which can be printed for in-store use or added to the Wawa mobile app. Distribution of the emails began November 19.
