Wawa Data Breach

Hausfeld continues its track record of holding corporations accountable for their carelessness with customers’ personal financial information with a new action against Wawa, an east coast convenience store and gas station giant that allowed hackers to roam through its data systems for more than eight months, finding the hack only after information from at least 30 million credit cards had long been stolen.  Hausfeld leads the action brought by card-issuing banks who are left to clean up the mess left by Wawa’s lax data security practices to protect their card holders from further fraud.

Wawa sought to dodge its responsibility, arguing to the court that the claims against it should be dismissed because, it claimed, the issuing banks don’t have a right to sue Wawa for the costs Wawa’s carelessness because the “web” of contracts among Wawa and the big card brands (Visa, Mastercard) provide the only source of financial relief.  (Never mind that Wawa doesn’t have any contracts with the card issuers and thus the card issuers can’t sue Wawa for breach of contract at all.)

Hausfeld and its co-counsels’ response laid bare Wawa’s sleight of hand, redirecting the court’s attention with clear analysis that dooms Wawa’s arguments. Whatever “web” Wawa may have conjured up, Pennsylvania law says the opposite, Hausfeld and its co-counsel explained: Whenever a company collects sensitive personal information, it must do so with reasonable care regardless of any contractual relationship.

The Court agreed, entirely rejecting Wawa’s arguments and motion to dismiss Plaintiffs’ claims for negligence and injunctive relief. 

The case is now proceeding with discovery.