Petro-Canada Faces Cybersecurity Incident Affecting Payment Systems

Petro-Canada, a Calgary-based oil and gas company, has announced that it is currently experiencing a cybersecurity incident that is impacting payment systems at some of its gas stations. The company has released a statement acknowledging the issue and stating that certain transactions with customers and suppliers may be affected while they work to resolve the situation. Customers have reported on social media that some Petro-Canada stations were only accepting cash over the weekend. The company’s website and loyalty app have also experienced disruptions. While the extent of the outages and a timeline for restoration are still unknown, Suncor, the parent company of Petro-Canada, has assured customers that there is no evidence of compromised or misused data at this time.The Incident and Response:Petro-Canada’s statement acknowledges the cybersecurity incident and emphasizes that they are actively working to address the issue. They have engaged with appropriate authorities and enlisted the assistance of a third-party investigator to help resolve the situation. The company has not provided specific details about the nature and scope of the outages, and Global News’ request for further information is still pending. The Canadian Centre for Cyber Security, aware of the incident, commented on the general targeting of Canada’s oil and gas sector by malicious cyber activities but did not provide specific insights into this incident.Significance and Potential Impact:Cybersecurity experts, including Ian L. Paterson, CEO of Plurilock Security Inc., believe that this incident could be significant and not just a minor data breach. Comparisons have been drawn to the 2021 ransomware attack on the Colonial Pipeline, the largest pipeline system for refined oil products in the United States. While no large-scale cyberattack has yet targeted a Canadian oil and gas company, the energy industry has long been identified as an attractive target for cybercriminals. Financially motivated attackers and state-sponsored hackers seeking geopolitical disruption have shown interest in the sector. Paterson highlights the potential seriousness of the situation for Suncor, given its prominent position in the Canadian economy and the vulnerability of critical infrastructure.Challenges and Potential Impact on Suncor:There is currently no indication that Suncor’s critical infrastructure, such as oilsands facilities or refineries, has been affected by the incident. However, the complexity and size of Suncor’s operations pose challenges in resolving the issue. If the threat actors have been present and persistent for an extended period, it could take significant time to identify and remove them from the network. Paterson emphasizes that the incident underscores the vulnerability of critical infrastructure and the need for heightened cybersecurity measures in the energy industry. The situation also serves as a reminder that the industry, both at the federal level and within organizations, should prioritize proactive cybersecurity strategies to mitigate potential risks.Conclusion:Petro-Canada’s ongoing cybersecurity incident involving payment systems at gas stations has raised concerns about the potential impact on customers, suppliers, and the larger energy industry. As the parent company Suncor works to resolve the issue, it is crucial to ensure the security of critical infrastructure and protect against future cyber threats. The incident serves as a reminder that the energy sector, given its significance to the economy and national security, remains an attractive target for cybercriminals and state-sponsored actors. Effective collaboration between organizations, cybersecurity experts, and government agencies is essential to strengthen defenses and mitigate risks in this critical sector.