NorthAmOil: Suncor probing cyber attack amid warnings of Russia-aligned hacks on Canada’s oil and gas sector

Suncor Energy is still actively investigating a cybersecurity attack affecting transactions at Petro-Canada retail gasoline stations throughout Canada.

The energy provider, headquartered in Calgary, disclosed the incident on Sunday, acknowledging only that certain customer and supplier transactions had been hit by a “cybersecurity incident”. The company engaged third-party forensic experts and reported the incident to the government.

Suncor issued a statement earlier this week, stating: "We have no evidence at this time of compromised or misused customer, supplier or employee data resulting from this incident."

Still, it could be the most significant cybersecurity breach so far within Canada’s oil and gas sector, said experts.

Ian Paterson, chief executive officer of cybersecurity company Plurilock Security Inc., told Canadian Press that Suncor’s acknowledged ‘public-facing’ issues could be “just the tip of the iceberg.” On June 23, he said he had heard about Suncor employees unable to log in to their own internal company accounts.

“All of these things put together seem to suggest that there could be a sizeable cyber incident that’s taking place,” Paterson said.

The origins of the Suncor attack were unclear as of late Thursday, 29 June. The attack could cost the company millions of dollars, an expert told media.

Petro-Canada, the Suncor subsidiary operating more than 1,500 retail gasoline stations, had reported that some of its outlets were only able to accept cash payments, and that its mobile app and rewards points system have been temporarily unavailable. Additionally, car wash services were inaccessible.

On June 29, Suncor said moat of the outlets were again taking eletronic payments.