Two weeks into an ongoing IT outage, Kwik Trip finally confirmed that it’s investigating a cyberattack impacting the convenience store chain’s internal network since October 9.
This outage has been causing widespread IT system disruptions and is still affecting the company’s Rewards program and support systems.
Kwik Trip said it hadn’t discovered evidence that the attackers gained access to customer payment details in the recent security breach. Still, it has not provided details regarding the customers’ personal information stored on the affected systems.
“Although a thorough forensic investigation is still ongoing and further information may be uncovered, current findings indicate that we experienced a cybersecurity incident that caused disruption to systems located on our internal network on Monday, October 9, 2023,” Kwik Trip said on Thursday evening.
“The incident was detected within hours and mitigation efforts began immediately with the assistance of external cybersecurity experts.”
The Kwik Rewards loyalty program resumed operation at select stores on Thursday and will gradually be reinstated at all locations in the coming days.
The company is also working to restore functionality to its Kwik Rewards app and website, which remain offline.
“However, members will receive an update as soon as these are restored. That communication will include plans to restore any missed rewards as a result of the outage,” the store chain said.
Even though BleepingComputer reached out multiple times for clarification regarding what the company has described until now as a network incident, it has yet to receive a response.
However, in a Tuesday statement, Kwik Trip all but confirmed it suffered a cyberattack that led to its IT system outage, indirectly alluding to a cyberattack as the cause of the “network incident,” although they did not explicitly state it.
“While we are still experiencing an outage to the Kwik Rewards Program, our retail and customer-facing systems are not impacted,” said Kwik Trip.
“We are thoroughly investigating the incident now with third-party information security experts. We will provide further updates and information as appropriate in due course, but as of now we do not have any evidence that anyone’s personal or confidential information has been acquired by an unauthorized party.”
Kwik Trip is a U.S. chain comprising over 800 convenience stores and gas stations in Michigan, Minnesota, and Wisconsin. Additionally, the company operates under the name Kwik Star in Illinois, Iowa, and South Dakota.
With a workforce exceeding 35,000 employees, Kwik Trip also manages stores under various banners, including Tobacco Outlet Plus, Tobacco Outlet Plus Grocery, Hearty Platter, Kwik Spirits, and Stop-N-Go.
Source: www.bleepingcomputer.com