Wawa Sues Mastercard Over Data Breach Penalties

Pennsylvania-based convenience store and gas station chain Wawa is seeking the return of penalties it paid to Mastercard following a 2019 data breach of its customer payment security systems.

In December 2019, Wawa CEO Chris Gheysens announced that malware that steals credit card information had potentially been operating at Wawa’s 842 locations across Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Washington, DC and Florida since March.

Last year, Wawa turned over $ 10.7m to the payment-card network in connection with the security incident. In a suit filed on Monday in federal court in New York, Wawa claimed that the penalties it paid were illegal.

The complaint alleges that the fines issued by its credit card bank, Bank of America, to Wawa violated Mastercard’s standards for customer-related disputes and “basic principles of fairness, equity and good conscience.”

According to the suit, Mastercard violated its standards by imposing an “unfair” penalty per account on customer accounts. Wawa claims Mastercard’s assessment of the fine was invalid because it was not based on actual losses or expenses suffered by Mastercard or its insurers due to the card-skimming incident.

Mastercard fined Bank of America $ 17.8m over the data breach last August, claiming that more than 5 million cardholders had been affected by the incident. The penalty was later reduced to $ 10.7m after Bank of America appealed against it, although Mastercard denied any errors in its assessment of the fine.

Wawa claims that it made the payments to Bank of America under duress and is now demanding that Mastercard pays it $ 32m in damages. The company alleges that there was no evidence for Mastercard to determine that Bank of America was responsible for the breach.

Wawa stated in the lawsuit that a program completed in March 2020 to replace magnetic stripe card readers on its gas pumps with chip readers had been delayed by “circumstances beyond its control.”

In September 2021, Wawa agreed to pay $ 9m in cash and gift cards to settle a class-action lawsuit filed against it over the breach. The company also agreed to spend $ 35m upgrading its cybersecurity.

Source

Pennsylvania-based convenience store and gas station chain Wawa is seeking the return of penalties it paid to Mastercard following a 2019 data breach of its customer payment security systems.

In December 2019, Wawa CEO Chris Gheysens announced that malware that steals credit card information had potentially been operating at Wawa’s 842 locations across Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Washington, DC and Florida since March.

Last year, Wawa turned over $ 10.7m to the payment-card network in connection with the security incident. In a suit filed on Monday in federal court in New York, Wawa claimed that the penalties it paid were illegal.

The complaint alleges that the fines issued by its credit card bank, Bank of America, to Wawa violated Mastercard’s standards for customer-related disputes and “basic principles of fairness, equity and good conscience.”

According to the suit, Mastercard violated its standards by imposing an “unfair” penalty per account on customer accounts. Wawa claims Mastercard’s assessment of the fine was invalid because it was not based on actual losses or expenses suffered by Mastercard or its insurers due to the card-skimming incident.

Mastercard fined Bank of America $ 17.8m over the data breach last August, claiming that more than 5 million cardholders had been affected by the incident. The penalty was later reduced to $ 10.7m after Bank of America appealed against it, although Mastercard denied any errors in its assessment of the fine.

Wawa claims that it made the payments to Bank of America under duress and is now demanding that Mastercard pays it $ 32m in damages. The company alleges that there was no evidence for Mastercard to determine that Bank of America was responsible for the breach.

Wawa stated in the lawsuit that a program completed in March 2020 to replace magnetic stripe card readers on its gas pumps with chip readers had been delayed by “circumstances beyond its control.”

In September 2021, Wawa agreed to pay $ 9m in cash and gift cards to settle a class-action lawsuit filed against it over the breach. The company also agreed to spend $ 35m upgrading its cybersecurity.

Source

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

YouAttest collaborates with JumpCloud to give users access reviews for identity governance

YouAttest announced their product integration with JumpCloud - an open directory platform that gives IT, security...

SLACIP: How to Comply with the SOCI ACT Reforms

On March 31, 2022, the Security Legislation Amendment Critical Infrastructure Protection Act 2022, also known as SLACIP, was passed by the Australian Parliament. ...

Microsoft patches the Patch Tuesday patch that broke authentication – Naked Security

Two of the big-news vulnerabilities in this month's Patch Tuesday updates from Microsoft were CVE-2022-26923 and CVE-2022-26931which affected the safety of authentication in Windows. Even...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!