Dec. 20 (UPI) -- Popular East Coast convenience store chain Wawa has announced that "potentially all" of its 800-plus locations in the United States were affected by a data breach compromising customers' credit and debit card information.
The company said Thursday malicious software was discovered on Wawa payment processing servers on Dec. 10, and was contained by Dec. 12. The chain said sensitive information may have been exposed, but not the cards' security features.
"Based on the investigation to date, the information is limited to payment card information, including debit and credit card numbers, expiration dates and cardholder names, but does not include PIN numbers or CVV2 numbers," Wawa said in a statement.
The company said automated teller machines inside Wawa locations weren't affected, and it's not aware of any unauthorized use of "payment card information."
In an open letter to customers, Wawa CEO Chris Gheysens said the malware is no longer on company servers -- and it's doing what it can to protect customers, including offers of free identity theft protection and credit monitoring.
"You will not be responsible for any fraudulent charges on your payment cards related to this incident," Gheysens wrote in the letter. "I apologize deeply to all of you, our friends and neighbors, for this incident. You are my top priority and are critically important to all of the nearly 37,000 associates at Wawa."
The chain urged customers to examine recent credit card activity for unusual charges.