Even as Wawa scrambles to minimize damage from a data breach affecting millions of its customers, six lawsuits seeking class-action status have been filed in federal court, writes Christian Hetrick and Sam Wood for The Philadelphia Inquirer.

The lawsuits claim the company failed to protect customers from a data breach that exposed credit and debit card information used in-store and at gas pumps.

Not affected were debit card pin numbers, credit card security codes or driver’s license information. ATM machines were also unaffected.

Hackers installed malware on Wawa’s computer systems,  potentially reaching 850 stores in six states and Washington, D.C.

The malware started running March 4 and was on most store systems by April 22.  It was discovered Dec. 10 and contained by Dec. 12.

The lawsuits seek more than $5 million in damages.

“We continue to work with top security experts to take steps to enhance the security of our systems and to support law enforcement in their ongoing investigation.” Wawa said in a statement last week.

Wawa is paying for a year of identity-theft protection and credit monitoring for affected consumers who call 1-844-386-9559 (activation code: 4H2H3T9H6).

Read more about the follow up to Wawa’s data breach here.

[uam_ad id=”62465″]