Petro-Canada hit by cybersecurity incident
A “cybersecurity incident” lasts into day three at Suncore, Petro-Canada’s parent company, causing the company to suspend electronic payment at numerous gas stations.
The service outage was reported for the first time Saturday after customers were unable to log into Petro-Points from the app and the website was temporarily unavailable.
On Sunday, Suncor, Petro-Canada’s parent company, issued a press release addressing the matter, adding that the company was “taking action and cooperating with outside experts to investigate and resolve the situation.”
To date, there is no evidence that customer, supplier or employee data has been breached or compromised, Suncore said.
“As we work to resolve the incident, some customer and supplier transactions may be impacted,” the press release reads.
Among them are Petro-Points, credit, debit, prepaid card payments and car washes in some locations.
Some locations only accept cash transactions.
“The most important thing to us is you and your safety,” Petro-Canada said in a tweet.
Canadian companies hit by hackers
Suncore, the Calgary-based oil sands development and refining company, is just the latest in a growing list of Canadian companies that have seen their services shut down amid a spate of cyberattacks over the past year.
Some of these are ransomware attacks, where a hacker takes over a company or institution’s computer network, encrypts the files, and then forces them to pay before regaining control or accessing their own data.
LCBO
The Crown Corporation’s website and mobile app were shut down in January after malicious code was embedded in the company’s server by an “unauthorized party” to obtain customers’ personal information, such as addresses and credit card numbers.
The crown company said customers who purchased products through the store’s online platform between Jan. 5 and Jan. 10 may have had their data breached. The company’s website was fully restored on January 15, with enhanced security features, after it was deliberately disabled to contain the cybersecurity incident.
Indigo Books & Music Inc.
The bookstore’s website server and the store’s electronic payment system went down in early February following a ransomware attack that began in early February and lasted until March.
Other services, including in-store returns and parcel delivery, were also hit with the unveiling of a temporary online home to purchase select products.
More than a week after the cybersecurity incident, Indigo confirmed that customer data, including credit/debit card numbers or the Plum points program, had not been breached.
The company later confirmed that data from current and former employees had been stolen by LockBit. The Toronto retailer announced it would not pay the cyberattack’s ransom, arguing that it was unsure that the ransom would not end up in the hands of terrorists or others on sanctions lists. Some of the stolen data was found to have been released on the dark web.
The company’s website and operations were restored a month after the attack.
/https://www.thestar.com/content/dam/thestar/columnist_logos/Orozco_Santiago_logo2022.jpg){kind=logo}
;Resize=620)