Cybercriminals have attempted to sell customer payment card data likely pilfered from a Wawa POS breach discovered in December.

The Pennsylvania-based convenience store and gas station operator said in a release that it had asked its payment card processor, payment card brands and card issuers to tick up their fraud monitoring in light of the latest revelations.

The malware was discovered on Dec. 10, after a 10-month run in the company’s systems, and was contained by Dec. 12, according to Wawa. The company once more expressed confidence that “only payment card information was involved, and that no debit card PIN numbers, credit card CVV2 numbers or other personal information were involved.”

Wawa is working with law enforcement to “determine the scope of the disclosure of Wawa-specific customer payment card data,” the company said, encouraging its “customers to remain vigilant in reviewing charges.”