Kwik Trip Findings Point to Cybersecurity Incident in Systems Outage
LA CROSSE, Wis. — The investigation into systems failure at Kwik Trip Inc. continues, but the convenience store chain said the outage may be a result of cybersecurity incident.
"Although a thorough investigation is ongoing and further information may be uncovered, current findings indicate that we experiences a cybersecurity incident that caused disruption to systems located on our internal network on Monday, Oct. 9, 2023, " Kwik Trip said in a statement posted to social media.
"The incident was detected within hours and mitigation efforts began immediately with the assistance of external cybersecurity experts," it added.
As the retailer noted, the investigation is still in the early stages and if "done correctly and thoroughly," the investigation will take some time.
There is good news for Kwik Trip customers. According to the retailer, "to date, there is no indication that guests' payment card information was involved."
The statement explained that, in general, the systems that were impacted involved its production facilities in La Crosse, its communication systems within the company and its loyalty program. As of Oct. 19, most internal systems were up and running and Kwik Rewards is back online "and successfully procession loyalty transactions at many of our stores," Kwik Trip stated, adding it anticipates all its stores to be processing loyalty transactions within the next few days.
[Read more: OUR TAKE: Data Security Is Still Top of Mind]
As of Oct. 24, the Kwik Trip Rewards app was back up and running.
La Crosse-based Kwik Trip operates more than 840 convenience stores in the Midwest. Its stores are known as Kwik Trip in Minnesota and Wisconsin, and as Kwik Star in Iowa and South Dakota.
Kwik Trip issues come as York, Pa.-based Rutter's reached a $1 million settlement with the Pennsylvania Attorney General's Office over its own cybersecurity incident that spanned a nine-month period from 2018 to 2019. The security breach involved 79 store locations and more than 1.3 million payment cards. The payment card information was accessed electronically, not at any physical store locations.