Wawa, a convenience store and gas station chain, notified customers Thursday of a data breach that collected debit and credit card information at potentially all of its more than 850 locations along the East Coast. It is now offering free credit monitoring and identity theft protection to those affected.

“Today, I am very sorry to share with you that Wawa has experienced a data security incident,” Chris Gheysens, Wawa’s chief executive, said in a letter. Customers will not be responsible for any fraudulent charges on cards related to the data breach, he said.

“I apologize deeply to all of you, our friends and neighbors, for this incident,” Mr. Gheysens added. “You are my top priority and are critically important to all of the nearly 37,000 associates at Wawa.”

Malware was discovered on Wawa payment processing servers on Dec. 10; it was blocked and contained by Dec. 12, the company said, adding that the malware no longer posed a risk to customers using cards to pay.