A suspected cyber attack on Hong Kong's OK Convenience Store has paralyzed the operations of nearly 400 stores across the territory for several days, forcing the e-payment, email and member services systems to go out of service.
SECURITY INSIDER, Sept. 25 (Bloomberg) -- OK Convenience Stores (Circle K), Hong Kong's second-largest convenience store chain, said a "network outage" has paralyzed its operations in the city for several days, forcing the suspension of most of the e-payment and membership services at nearly 400 stores across the territory.
The retailer said the incident, which was first reported last weekend, affected electronic payment systems, email services and membership programs. For the time being, OK Convenience Store remains “open and open for business”, and customers can still pay with cash or Octopus, a contactless smart card widely used in Hong Kong.
In a Facebook statement Monday, the company said, “As a cyberattack cannot be ruled out, we have taken swift action to protect the data of our customers, employees, and suppliers, and are working with law enforcement and third-party forensics experts to identify the cause, scope, and impact of this intrusion.”
The company has yet to release further updates or respond to requests for comment from foreign media. As of Tuesday, customers were still reporting service outages on its Hong Kong social media pages, complaining about expired membership points and coupons, and calling on the company to extend the expiration dates.
OK Convenience Store has been victimized by repeated cyberattacks in the last three years.
OK Convenience Stores Hong Kong is owned by Alimentation Couche-Tard (ACT), a Canadian company that operates OK Convenience Stores in North America and elsewhere.
According to local media reports, an OK Convenience Store located in Causeway Bay, a major retail district in Hong Kong, has posted a notice stating that the electronic payment service is suspended due to “network outage”.
OK Convenience Stores Hong Kong's former parent company was Celia Retail Limited (CRA). CRA licensed the brand in the 1980s and sold it back to ACT in 2020. CRA similarly reported a network outage on Monday, saying its internal systems had been impacted and it had notified law enforcement, but it is unclear whether the two incidents are related.
OK Convenience Stores has been the target of numerous cyberattacks around the world. In January, Gas Express, the chain's largest franchisee in the United States, disclosed that hackers had stolen customer names, social security numbers, and driver's license information. In June 2024, a ransomware group allegedly claimed responsibility for an intrusion at the OK Convenience Store in Atlanta.
In 2023, researchers also discovered that an OK Convenience Store's dataset was leaked online, containing partial payment card information, customer membership numbers, and employee contact information. The company said it had fixed the issue but did not comment further.
Reference: https://therecord.media/circle-k-hong-kong-suspected-cyberattack-convience-stores
估計損失高達-19-億英鎊,為英國歷來之最.jpg)
