Wawa data breach

Hausfeld represented a proposed class of financial institutions in In re Wawa, Inc. Data Security Litigation, arising from a major data breach affecting approximately 30 million payment cards. The breach resulted from a malware attack on point-of-sale systems across hundreds of Wawa locations over at least nine months in 2019.

Financial institutions suffered significant losses, including reimbursing fraudulent charges, replacing compromised cards, and monitoring unauthorized transactions.

Action

Wawa sought to avoid liability by arguing that issuing banks lacked standing and that a “web” of contractual relationships involving payment networks such as Visa and Mastercard provided the exclusive avenue for recovery.

Hausfeld, with Jeannine Kenney and Mindee J. Reuben serving as Court-appointed Interim Co-Lead Counsel, led the financial institution track of the litigation. The team successfully countered Wawa’s arguments by grounding the case in Pennsylvania negligence law, establishing that companies collecting sensitive financial data owe an independent duty of reasonable care regardless of contractual frameworks.

In May 2022, the court denied Wawa’s motion to dismiss in full, allowing claims for negligence and injunctive relief to proceed and positioning the case for resolution.

Outcome

The litigation resulted in a settlement valued at up to $28,500,000  for financial institutions, compensating issuing banks for fraud losses, card reissuance costs, and related damages.

The outcome reinforces that companies cannot rely on contractual structures to avoid liability and must take reasonable steps to safeguard sensitive financial information.