Cybersecurity incident at Suncor knocks Canadian gas stations offline

Suncor, a major Canadian energy company, has confirmed that a cyberattack has hit the systems of its gas station chain Petro-Canada. In some stations, paying cash is still the only option.

The incident took place on Friday, June 25th, the company said. The attack impacted Petro-Canada’s website and mobile apps.

The payment systems have also been suffering – customers at some gas stations still have to pay cash, and they’ve been expressing their anger on social media.

And because the website and app are difficult to log into, season passes and Petro-Canada’s loyalty program, “Petro-Points,” aren’t working either. Some car washes are also down.

“Suncor has experienced a cyber security incident. The company is taking measures and working with third-party experts to investigate and resolve the situation, and has notified appropriate authorities,” said the Canadian oil giant.

The company added, though: “At this time, we are not aware of any evidence that customer, supplier or employee data has been compromised or misused as a result of this situation.”

On Saturday, Petro-Canada’s official Twitter account also issued a tweet saying that the company’s Petro-Points app and website were temporarily unavailable.

The public-facing problems seem to be difficult to solve. There’s speculation on social media that Suncor employees haven’t been able to log in to their own internal accounts.

There hasn’t yet been a publicized, large-scale, successful cyberattack on a domestic oil and gas company in Canada. However, in April, an apparent release of Pentagon documents contained a claim by Russian-backed hackers that they had successfully accessed Canada’s natural gas infrastructure.

The legitimacy of those claims remains unclear, but in mid-June, the Canadian Centre for Cyber Security warned that ransomware attacks were the primary cyber threat facing Canada’s oil and gas sector.

“We assess that the oil and gas sector in Canada will very likely continue to be targeted by state-sponsored cyber-espionage for commercial or economic reasons. At risk are proprietary trade secrets, research, and business and production plans,” said the agency.

In ransomware attacks, hackers demand payment in exchange for giving back control of a company’s internal systems. It’s not yet clear whether this is exactly what happened with Suncor.

Last year, Suncor was one of two dozen oil and gas companies that signed the Cyber Resilience Pledge – a vow to beef up cybersecurity. This followed the infamous hack of the Colonial Pipeline in 2021.

The Colonial Pipeline hack was the largest cyberattack on oil infrastructure in the history of the United States, and forced the company to temporarily halt pipeline operations.

More from Cybernews:

Fashion meets privacy for the age of surveillance

China pushes ahead with its own vision of an AI-enhanced future

Baidu says its Ernie Bot is better than ChatGPT

Subscribe to our newsletter