

Kwik Trip confirms system outage as cyberattack

Kwik Trip confirmed its outage was a cyber-security incident but says there is no indication that payment card information was involved. The Kwik Trip Rewards app and website are still offline.
Posted at 9:34 AM, Oct 20, 2023, and last updated 2023-10-20 10:34:01-04

Kwik Trip provided an update on its IT system outage that has been plaguing the company for nearly two weeks.

The company confirmed Thursday evening it was a "cybersecurity incident," but says there is no indication that customer payment card information was involved.

Officials did not share the source of the cybersecurity incident.

The Kwik Trip Rewards app and website are still offline.

Last week, TMJ4 reported a power outage caused Kwik Trip app users to be unable to use their app.

Guests who had the Kwik Trip card could not make purchases. Kwik Trip said several areas were impacted. It also caused companywide product shortages of milk and bread.

Kwik Trip reported that the affected systems were related to its production facilities in La Crosse, where it is headquartered, as well as its communication systems and its loyalty program.

Officials predict all locations will be processing loyalty transactions in a few days.

One expert previously told us he believed the outage showed the signs of a cyberattack.

"It sounds like a cyberattack and quite serious at that," Alex Holden, Chief Information Security Officer at Hold Security said. "The gas stations are still functional which is a good thing. But some of the infrastructure most likely within Kwik Trips have been disabled for five days now. That's a very long time. Usually, companies on day two or day three give us some kind of status."

Holden said the situation had all of the earmarks of a cyberattack.

"This seems to be a situation with ransomware where the bad guys get into the systems of the company, encrypt it, lock away their data and most likely stole some data as well," Holden said.

These types of attacks are becoming more prevalent. According to the FBI, internet crimes were responsible for $6.9 billion in losses in 2021. That number jumped to $10.2 billion last year.

The FBI data also shows that in Wisconsin, there were $15,000 in losses due to ransomware in 2021. Last year, that jumped to $286,200.

Just last month, Johnson Controls was struck by a ransomware attack in which hackers demanded $51 million. According to an SEC filing on Sept. 27, Johnson Controls said it "has experienced disruptions in portions of its internal information technology infrastructure and applications resulting from a cybersecurity incident."

In August, Caesars Entertainment, a Las Vegas casino, faced a cyberattack in which it paid a $15 million ransom. But it didn't stop there.

Thursday, Caesars told its customers at least 41,397 people had their data stolen in the grift, according to The Register.

Holden says, even though Kwik Trip and Caesars are on different levels, the cyber swindle remains the same and people in Wisconsin should be concerned.

"They should be taking this more seriously because at the end of the day, it's likely a cyberattack," Holden said. "Their information can be endangered if they trusted anything to Kwik Trip."