Kwik Rewards, the rewards program for purchases at Kwik Trip, has suffered a "cybersecurity incident" of unknown scope and origin on October 9, which caused problems up until October 23, when the company said it was resolved.
“Although a thorough forensic investigation is still ongoing and further information may be uncovered, the current findings indicate that Kwik Trip experienced a cybersecurity incident that caused disruption to systems located on the company’s internal network on Monday, October 9, 2023," John McHugh, Vice President of External Relations, said in a statement. "The incident was detected within hours and mitigation efforts began immediately with the assistance of external cybersecurity experts."
Who hacked Kwik Trip and what did they do? The "nature and scope of this is ongoing and in its early stages," continued McHugh. "Done correctly and thoroughly, these investigations take time to complete."
The good news, so far, is that they have no indication that payment card info was stolen, and Kwik Rewards users will now get double visit credits for each visit.
In general, rewards programs like Kwik Rewards have useful information for hackers. Bad actors can leverage access to simple information like names, addresses and birthdates into more complete and sinister forms of identity theft.
Business identity theft remains a key driver of freight fraud, and personal identity theft has ruined the credit of many. More information on how to avoid identity theft here, and on the personal side here.
Kwik Trip offers a commercial fleet fueling card, but a representative there said they had no information on whether the cyber attack had reached those accounts.
On Monday, Kwik Trip announced the end of the interruption:
“As of Monday, October 23, the Kwik Rewards program has been restored and is fully functional. Members can now access rewards in-store and through the Kwik Rewards mobile app and website to view and manage their rewards account. We understand over the last several days you may not have been able to redeem or accumulate rewards and we sincerely apologize for the inconvenience and frustration this may have caused. We are committed to making this right, so through November 5, members will be receiving double visits for every purchase.”
[Related: How to guard both personal and business identity to prevent theft]
