Kwik Trip reported Monday it has restored full access to many of its internal systems, but is still experiencing an outage to its rewards program.
Kwik Trip said its retail and customer-facing systems are not impacted by the outage. Its payment card processing system also remains "secure and unaffected."
John McHugh, Vice President of External Relations, provided the following update Monday:
“Our teams have been working tirelessly over the past week and are happy to report that we have restored full access to many of our internal systems. While we are still experiencing an outage to the Kwik Rewards Program, our retail and customer-facing systems are not impacted. Our payment card processing system remains secure and unaffected. Throughout this period, our ability to accept credit and debit card payments was not impacted, which remains true across all of our locations. For the systems that remain down, we anticipate that functionality will be restored in the coming days. We will update this communication as they become available. We want to extend our sincere gratitude to our guests who have shown patience and understanding. We are also very grateful for the efforts of our coworkers for their attention to resolving this matter as quickly as possible.”
Last week, a power outage caused Kwik Trip app users to be unable to use their app.
- PREVIOUS COVERAGE: Expert fears private Kwik Trip customer data at risk due to disruptions
Guests who had the Kwik Trip card could not make purchases. Kwik Trip said several areas were impacted. On Friday, the Mequon Kwik Trip had several paper signs taped to doors alerting customers of the issue.
One expert believes this could be the signs of a cyberattack that could impact both Kwik Trip and its customers.
"It sounds like a cyberattack and quite serious at that," Alex Holden, Chief Information Security Officer at Hold Security said. "The gas stations are still functional which is a good thing. But some of the infrastructure most likely within Kwik Trips have been disabled for five days now. That's a very long time. Usually companies on day two or day three give us some kind of status."
Holden says this situation has all of the earmarks of a cyberattack.
"This seems to be a situation with ransomware where the bad guys get into the systems of the company, encrypt it, lock away their data and most likely stole some data as well," Holden said.
These types of attacks are becoming more prevalent. According to the FBI, internet crimes were responsible for $6.9 billion dollars in losses in 2021. That number jumped to $10.2 billion last year.
The FBI data also shows in Wisconsin, there were $15,000 in losses due to ransomware in 2021. Last year, that jumped to $286,200.
Just last month, Johnson Controls was struck by a ransomware attack, where hackers demanded $51 million. According to an SEC filing on Sept. 27, Johnson Controls said it "has experienced disruptions in portions of its internal information technology infrastructure and applications resulting from a cybersecurity incident."
In August, Caesars Entertainment, a Las Vegas casino, faced a cyberattack where they paid a $15 million ransom. But it didn't stop there.
Thursday, Caesars told its customers at least 41,397 people had their data stolen in the grift, according to The Register.
Holden says, even though Kwik Trip and Caesars are on different levels, the cyber swindle remains the same and people in Wisconsin should be concerned.
"They should be taking this more seriously because at the end of the day, it's likely a cyberattack," Holden said. "Their information can be endangered if they trusted anything to Kwik Trip."