Wawa’s Customer Payment Card Data Sold on the Dark Web: What You Need to Know & How to Protect Yourself

February 13th · 3 min read

On December 19th, popular US-based convenience store and gas station, Wawa announced that malware was discovered on their payment processing servers. This data breach affects everyone who swiped a credit or debit card at the fuel pump or inside any of Wawa’s 850 locations between March 4, 2019 and December 12, 2019. In their press release, Wawa CEO Chris Gheysens shares that the breached data includes payment card numbers, expiration dates, and cardholder names.

That month, Joker’s Stash marketplace, one of the largest and most notorious dark web marketplaces for buying stolen payment card data, began advertising that it would upload a sizable collection of U.S., European, and global cards. In addition to payment card numbers they advertised that the data would include the cardholder’s state, city, and zip code.


As promised, Joker’s Stash marketplace began uploading the stolen payment card data obtained from more than 30 million customers affected by Wawa’s data breach. Then on January 28, 2020, Wawa reported that there have been known criminal attempts to sell the breached customer payment card data.

How do I know if my data was breached?

In Wawa’s press release, they share that anyone who used payment card information in-store or at the pump between March 4, 2019 and December 12, 2019 is at risk. This affected more than 30 million customers. If you are unsure if you used a card to make a payment at Wawa between these dates, consumers can call their dedicated toll-free call center at 1-844-386-9559 for more information.

What should I do if I was affected by the Wawa data breach?

Wawa is taking steps to help minimize the impact that their data breach has on their customers by offering free credit monitoring and identity protection services. If your data was affected by the Wawa data breach, here are the steps that you need to take right away:

  1. Register for your free year of Identity Protection Services offered by Wawa through Experian. To enroll, visit https://www.experianidworks.com/credit or contact Experian’s customer care team at 1-844-386-9559 and provide activation code: 4H2H3T9H6
  2. Review your card statements for signs of unauthorized charges and if any are found, immediately notify your card issuer by calling the phone number shown on the back of your card.
  3. Order a credit report. U.S. residents are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies. To order your free credit report, visit www.annualcreditreport.com or call 1-877-322-8228.
  4. Consider placing a fraud alert on your credit file to protect yourself from possible identity theft.This way, any time a new account is being opened, the merchant is alerted that you’re at higher risk for identity theft and knows to take additional steps to verify the identity of the applicant to ensure that it is, in fact, you and not a criminal attempting to open the account.
  5. Consider placing a security freeze on your credit file. This prevents creditors from accessing your credit file altogether without your consent.
  6. Activate account monitoring with Guardio to notify you when any of your accounts are involved in a data breach so that you can take immediate action.
Clean up your browser and prevent future scams

Protect yourself from malware & online scams, begin with a free scan.

Be the first to know!

Subscribe to our exclusive mailing list and get the freshest stories from the Guardio team

You may also like