If you used a credit or debit card at any Wawa Convenience Store or Fuel Pump Between March 4, 2019 and December 12, 2019, You May Be Entitled to Benefits from the Wawa Data Breach Class Action Settlement.
Wawa, Inc. (“Wawa”), which operates a chain of convenience stores and fuel dispensers operating on the east coast of the United States, has reportedly agreed to a class action settlement of a data breach lawsuit filed against it in the United States District Court for the Eastern District of Pennsylvania, styled In re Wawa, Inc. Data Security Litigation, Class Action Case No. 19-cv-6019-GEKP (E.D. Pa.), alleging, among other things, that between March 4, 2019 and December 12, 2019 cybercriminals accessed Wawa’s computer systems and obtained customers’ cardholder information, including credit and debit card numbers, card expiration dates, and cardholder names on payment cards that were used at Wawa stores or fuel pumps.
Who Is Included In The Wawa Data Breach Class Action Settlement?
The Wawa Data Breach class action settlement reportedly includes, unless otherwise excluded, the following settlement class:
All residents of the United States who used a credit or debit card at a Wawa location at any time during the Period of the Data Security Incident of March 4, 2019 through December 12, 2019.
“Data Security Incident” means the data security incident publicly disclosed by Wawa on December 19, 2019, the related underlying attack and the malware that accessed information about credit and debit card transactions at all or most of Wawa’s more than 850 stores (including the outside fuel dispensers at such stores) from March 4, 2019 until December 12, 2019.
What Settlement Benefits Does The Wawa Class Action Lawsuit Settlement Provide?
Under the Wawa class action lawsuit settlement, Wawa has agreed to pay up to $9 million in cash and Gift Cards to class members who submit valid claim forms. The Wawa settlement provides three tiers of compensation:
- Tier One: Class Members who made a credit or debit card purchase at any Wawa convenience store or fuel pump between March 4, 2019 and December 12, 2019 but experienced no actual or attempted fraudulent charge on their credit or debit card must: (a) provide reasonable proof of such a purchase; and (b) attest that they spent some amount of time after March 4, 2019 monitoring their accounts as a result of the Data Security Incident. Reasonable proof of purchase may include: A bank statement or credit card statement; A screen shot from a banking or credit card company website or mobile app; A Wawa receipt; or Any other reasonable proof that verifies the date of the transaction and the fact that it was at a Wawa store or fuel pump.
- Tier Two: Class Members who experienced an actual or attempted fraudulent transaction after March 4, 2019 on a credit or debit card they used at a Wawa convenience store or fuel pump during the Period of the Security Incident but have no out-of-pocket damages in connection with that actual or attempted fraudulent transaction are entitled to a Tier Two payment. Tier Two claimants must: (a) provide reasonable proof of a credit or debit card purchase at Wawa between March 4, 2019 and December 12, 2019; (b) provide reasonable proof of an actual or attempted fraudulent transaction on the card that occurred after that purchase; and (c) attest that they spent some amount of time after March 4, 2019 to monitor their accounts or otherwise deal with the fraudulent transaction. Reasonable forms of proof of an actual or attempted fraudulent transaction may include: A bank statement or credit card statement; A screen shot from a bank account or credit card account on a website or mobile app; An email or other correspondence with the bank or credit card company; A police report; or Any other reasonable proof. Reasonable proof may include proof of reversal of the fraudulent charge.
- Tier Three: Class Members who experienced an actual or attempted fraudulent transaction on their credit or debit card and have actual out-of-pocket losses in connection with such actual or attempted fraudulent transaction reasonably attributable to the Data Security Incident are entitled to a Tier Three payment. Tier Three claimants must provide: (a) reasonable proof of a credit or debit card purchase at Wawa between March 4, 2019 and December 12, 2019; (b) reasonable proof of an actual or attempted fraudulent transaction on the same card after the Wawa purchase, or a reversal of a fraudulent transaction that occurred after the date of purchase; and (c) reasonable proof of the resulting actual out-of-pocket expense(s) or loss. Actual out-of-pocket expenses and losses may include, but are not limited to: Unreimbursed fraud charges; Bank fees; Replacement card fees; Late fees from transactions with third parties that were delayed due to fraud or card replacements; Credit freeze fees; Parking expenses or transportation expenses for trips to a financial institution to address fraudulent charges or receive a replacement card; or Other expenses reasonably attributable to the Data Security Incident. Reasonable forms of proof of an out-of-pocket expense may include: A receipt; A bank statement or credit card statement; A screen shot from a bank account or credit card account; An email or other correspondence with a bank, credit card issuer, merchant or vendor; A police report; or Any other reasonable form of proof. Acceptable forms of proof of a Wawa purchase and an actual or attempted fraudulent transaction are described in Tier One and Tier
Two above.
Tier One claimants are entitled to a $5 Wawa Gift Card, Tier Two claimants are entitled to a $15 Wawa Gift Card; and Tier Three claimants are entitled to a cash payment equal to their out-of-pocket expenses or losses up to $500. Depending on the total amount claimed in each tier, the amount of the gift cards and/or cash payments may be reduced on a pro rata basis. Claim forms must be submitted online or postmarked via mail by November 29, 2021.
The Wawa settlement also reportedly provides for certain injunctive relief which requires Wawa to: (a) retain a qualified security assessor on an annual basis to assess compliance with payment card industry requirements and issue a Report on Compliance evidencing compliance with all requirements; (b) conduct annual penetration testing and remediate critical vulnerabilities or implement compensating controls; (c) encrypt payment card information and comply with EMV security procedures at point-of-sale terminals in Wawa stores; (d) implement EMV security procedures at Wawa fuel pumps; and (e) maintain written information security programs, policies, and procedures.
Where Can You Obtain More Information About The Wawa Data Breach Class Action Settlement?
For more information about the Wawa Data Breach class action settlement, write to Wawa, Inc. Data Security Litigation Settlement Administrator, PO Box 43502, Providence, RI 02940-3502, call 1-866-817-4934, email info@WawaConsumerDataSettlement.com or visit the Wawa Data Breach class action settlement website at http://www.wawaconsumerdatasettlement.com