Kwik Trip has released another statement on an ongoing outage, all but confirming it suffered a cyberattack that has led to IT system disruptions.
Kwik Trip is a US chain of over 800 convenience stores and gas stations in Michigan, Minnesota, and Wisconsin, also operating under the name Kwik Star in Illinois, Iowa, and South Dakota. The company employs over 35,000 people.
Since October 8th, Kwik Trip/Kwik Star has been experiencing an IT outage impacting their Kwik Rewards program, support systems, phones, and email.
Last week, Kwik Trip released a statement saying their disruption was caused by a “network incident.”
“As many of you are aware, we are currently working through a network incident that has caused a disruption to some of our systems,” reads a statement on Twitter.
BleepingComputer has attempted to clarify whether this network incident was a cyberattack but did not receive replies to our queries.
However, Kwik Trip released a new statement today hinting they suffered a cyberattack, although they haven’t directly said those words.
Instead, Kwik Trip said it had hired security experts and emphasized that there is no evidence suggesting any data was stolen, indicating that it was a cybersecurity incident.
“While we are still experiencing an outage to the Kwik Rewards Program, our retail and customer-facing systems are not impacted,” reads Kwik Trips’ new statement.
“We are thoroughly investigating the incident now with third-party information security experts. We will provide further updates and information as appropriate in due course, but as of now we do not have any evidence that anyone’s personal or confidential information has been acquired by an unauthorized party.”
While Kwik Trip has said that no data was stolen in this “incident,” we typically find out later that data was exfiltrated from the victims’ systems following incidents affecting similarly sized organizations.
Kwik Trip customers and employees have told BleepingComputer that they are frustrated by the company’s lack of transparency and are concerned that their data may have been stolen and are at risk.
In light of this, it is advised that all Kwik Trip customers and employees monitor their credit history and credit card transactions for potential fraudulent activities as a precautionary measure.
Furthermore, if you receive any emails claiming to be from Kwik Trip but asking for further sensitive information, report them to the company and don’t click any embedded links.
BleepingComputer has once again contacted Kwik Trip with further questions about the incident but received no response before the article was published.