Before Wawa found data breach, Visa warned it could happen
About a month before Wawa disclosed a data breach exposing customers’ credit and debit card numbers, the nation’s largest credit card network warned that hackers were targeting gas stations to steal payment card information.
Visa reported in November that gas stations emerged as attractive targets for cybercriminals because many have been slow to adopt more-secure payment-processing technology. Specifically, Visa said the attacks could continue as long as gas stations used magnetic-stripe readers to accept card payments, instead of devices that take cards equipped with computer chips.
Wawa said that it is implementing chip technology at gas pumps and expects all pumps to be upgraded this year.
An investigation into Wawa’s data breach is continuing, and it’s unclear how malicious software got on Wawa’s payment-processing servers. But Visa’s warnings shed light on a concerning trend of hackers targeting vulnerable gas stations with sophisticated cyberattacks.
Visa said criminals used malware in two data breaches over the summer at North American gas stations. In the past, criminals had typically used less sophisticated means, such as hiding “card-skimming” devices inside fuel pumps to steal data one card at a time.
“Fuel dispenser merchants should take note of this activity as the group’s operations are significantly more advanced than fuel dispenser skimming, and these attacks have the potential to compromise a high volume of payment accounts,” Visa’s fraud unit warned. “The deployment of devices that support chip will significantly lower the likelihood of these attacks.”
In a statement, Wawa spokeswoman Lori Bruce said the company took steps to protect payment information provided at gas pumps, including increasing the physical security of fuel dispensers to reduce the risk of skimming attacks. She added that Wawa follows data security standards for organizations that handle payment cards. Gas stations have until October to move to chip technology under a deadline set by credit card networks such as Visa and MasterCard.
Wawa has said malware was on its store systems starting after March 4, about eight months before Visa warned of the attacks on Nov. 14. Wawa said it found the malware on Dec. 10 and contained it by Dec. 12, but by then cardholder names, numbers and expiration dates used in-store and at gas pumps were compromised. The breach went undetected for roughly nine months.
Now the popular convenience store chain is facing a wave of lawsuits accusing the company of failing to protect consumers from the massive data breach affecting potentially all of its more than 850 stores.
“What is most shocking to me, and should be most appalling to everybody, is how long this went undetected. How did Wawa just find this recently?” said Ron Schlecht, managing partner at Bala Cynwyd, Pa.-based BTB Security.
Card chip technology is considered far more secure than magnetic stripes because it creates a unique, one-time-use code for each transaction, according to Visa. If that information is stolen and used to create counterfeit cards, the one-time-use code would not work, preventing counterfeit fraud.
Wawa has said it will pay for a year of identity-theft protection and credit monitoring for affected consumers who visit experianidworks.com/credit or call 1-844-386-9559 (activation code: 4H2H3T9H6).
