From April 18, 2019 to December 12, 2019, the convenience store chain WaWa had their systems accessed in what turned out to be a rather lengthy data breach. During that time, around 34 million payment cards from consumers across New Jersey, Pennsylvania, Florida, Virginia, Maryland, Delaware, and Washington D.C. were compromised. New Jersey led a multi-state settlement that determined that WaWa will have to pay out $8 million based on the number of consumers that were affected in each area. Additional findings by the Assurance of Voluntary Compliance in the Division of Consumer Affairs discovered three violations on WaWa’s part. Some guidelines have been set out for WaWa, including:
- Develop, implement and maintain an information security program within 180 days
- Implement specific information security safeguards
- Have a third party prepare a settlement compliance assessment within one year
- Pay $8 million in total to the states
Analyst Notes
Situations like these show the importance of continually keeping up to date with security best practices. Companies like WaWa can benefit from using endpoint detection services, such as those offered by Binary Defense, to monitor their systems on a 24 hour a day basis to stop infections before they have a chance to do serious damage to their networks.
https://www.jdsupra.com/legalnews/8-million-multistate-settlement-2567807/?&web_view=true
