Connect with us

Hi, what are you looking for?



Gas Stations Impacted by Cyberattack on Canadian Energy Giant Suncor

Some services at Petro-Canada gas stations have been disrupted following a cyberattack on parent company Suncor, one of North America’s largest energy companies.

Suncor cyberattack

Some services at Petro-Canada gas stations have been disrupted following a cyberattack on parent company Suncor, one of the largest energy companies in North America. 

Suncor is a Canada-based company that produces oil and runs several refineries in North America. The organization owns a network of more than 1,800 Petro-Canada retail and wholesale locations. 

In a brief statement issued on June 25, Suncor said it had experienced a cybersecurity incident that may impact some transactions with suppliers and customers. The company said it brought in third-party experts to aid investigation and response efforts, and noted that authorities have been notified.

“At this time, we are not aware of any evidence that customer, supplier or employee data has been compromised or misused as a result of this situation,” the company said.

On June 26, Petro-Canada said on Twitter that it’s working with Suncor to respond to the cybersecurity incident, informing customers that some services may be unavailable, including credit card payments and car washes. 

Petro-Canada also informed customers that they will not be able to log into their loyalty program account from the app or website.  

It’s unclear if the disruptions have been caused by a ransomware attack. In these types of attacks, cybercriminals can encrypt files and steal data from the victim’s systems — they can conduct only one or both types of activities. 

Advertisement. Scroll to continue reading.

In 2021, American oil pipeline system Colonial Pipeline was targeted in a ransomware attack that resulted both in significant disruption and the theft of information, with the company paying millions of dollars to the attackers. 

SecurityWeek has sent an email to Suncor asking if the incident involved ransomware and whether the company received a ransom demand from the attackers. This article will be updated if the energy giant responds.

Threat actors have been observed selling access to energy organizations, including oil and gas firms, on cybercrime forums. 

Related: US Offshore Oil and Gas Infrastructure at Significant Risk of Cyberattacks

Related: ABB Oil and Gas Flow Computer Hack Can Prevent Utilities From Billing Customers

Related: European Oil Port Terminals Hit by Cyberattack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...