Customers have been reporting issues with Petro-Canada's loyalty and payment programmes for almost a week now, but the company maintains it is working to find solutions.
Around a week ago, reports that the parent company Suncor had been hacked surfaced, sparking problems within the company.
Suncor confirmed having a "cybersecurity incident" over the weekend and highlighted that, despite being certain that no employee or customer data had been stolen, "some transactions with customers and suppliers may be impacted."
One of the first sites where such disruptions were discovered was at Petro-Canada, where the chain's more than 1,500 outlets across the country were experiencing difficulties processing debit and credit payments. Other services affected include the loyalty programme app Petro-Points and a car wash-related service.
Petro-Canada stated on Twitter that it is "making progress on resolving the disruptions customers have been experiencing and will continue to update you as more services come back online." We apologise for any inconvenience this has caused, and we thank you for patience."
Massive implications
Suncor has yet to link the cybersecurity incident to Petro-Canada problems, or even say what type of incident it was, but Ian Paterson, CEO of cybersecurity firm Plurilock, says the incident has some of the hallmarks of a "ransomware" attack, in which malicious actors gain access to a company's network and then hold it hostage in exchange for payment. He warns, though, that it might not be.
"If a company is taking down systems voluntarily to try to figure out what happened, it would actually look very similar to a ransomware attack," Paterson stated.
Those attacks frequently occur when hackers detect a vulnerability of some kind, hence they often take place during downtimes such as holidays or as we approach the weekend.
Whatever the source, Paterson believes the corporation is dealing with a "massive problem" considering the length of the outage.
Reputational harm
According to Jon Ferguson, general manager of cybersecurity at the Canadian Internet Registration Authority, the company's impact from this cybersecurity issue will be felt for a long time.
He mentioned that one of the issues is that it is a huge organisation.
"If they have to go in and modify critical systems, that can take a very long time to recover, depending on what's been damaged," Ferguson told The Canadian Press. "There's also the cost of disruption.I'm not sure how much gas Petro-Canada didn't sell since customers didn't have cash."
Additionally, he noted that the cost of the harm to the company's reputation was very difficult to measure, but you're probably going to think twice before you slip your credit card into a Petro-Canada gas machine now.
Businesses affected by cyber attacks
The incident is only the most recent cybersecurity breach to make headlines. Indigo was targeted by a ransomware attack in February, which disrupted credit and debit card payments for days and the online store for over a month.
In 2021, the American pipeline firm Colonial Pipeline went offline after hackers breached the corporation's servers. This attack halted the flow of gasoline over a critical pipeline that supplies the eastern seaboard, causing major shortages.
The Canadian Centre for Cyber Security warned last week that ransomware attacks — in which hackers gain access to a company's internal system and demand payment in exchange for restoring it — were the most serious cyber threat facing Canada's oil and gas industry.
