Wawa has confirmed a massive data breach that potentially impacts all of its store locations.

“Our information security team discovered malware on Wawa payment processing servers on Dec. 10, 2019, and contained it by Dec. 12, 2019,” Wawa CEO Chris Gheysens said in an open letter to the public. “This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained.”

Gheysens says that the malware is no longer believed to be a threat. He says that customers will not be responsible for any fraudulent charges related to the breach.

Gheysens says that the breach affected “payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment card.”

The CEO says that Wawa customers should check their credit card and bank statements for any unusual activity and contact the bank if they suspect any fraudulent charges.

Wawa is also offering a year of free identity theft protection and credit card monitoring for those who were potentially impacted.

“I apologize deeply to all of you, our friends and neighbors, for this incident,” Gheysens says.

More information about the data breach can be found at Wawa’s website.