Cyber Attack cyber

Circle K Hong Kong

Sep 23, 2025 2 min read
Circle K Hong Kong

Circle K Hong Kong, a subsidiary of Canadian firm Alimentation Couche-Tard, experienced a network disruption that paralyzed nearly 400 outlets for days, crippling electronic payment systems, email services, and loyalty programs. While stores remained open, customers could only pay via cash or Octopus cards, leading to widespread complaints about expired loyalty points and coupons. The company acknowledged a potential cyberattack, secured customer, employee, and supplier data, and engaged law enforcement and forensic experts to investigate the breach. The incident follows a pattern of cyber threats targeting Circle K globally, including a 2024 ransomware attack on its Atlanta operations and a 2023 data exposure involving payment card details, loyalty numbers, and employee information. The disruption also coincided with a similar network outage at Convenience Retail Asia (CRA), Circle K’s former Hong Kong licensee, though a direct link remains unconfirmed. The prolonged downtime severely impacted operations, customer trust, and financial transactions, with no immediate resolution in sight as of the latest reports.

Source: https://therecord.media/circle-k-hong-kong-suspected-cyberattack-convience-stores

TPRM report: https://www.rankiteo.com/company/alimentation-couche-tard

"id": "ali0792407092325",
"linkid": "alimentation-couche-tard",
"type": "Cyber Attack",
"date": "6/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Convenience Stores',
                        'location': 'Hong Kong',
                        'name': 'Circle K Hong Kong',
                        'size': '~400 outlets',
                        'type': 'Retail Chain'},
                       {'industry': 'Retail',
                        'location': 'Hong Kong',
                        'name': 'Convenience Retail Asia (CRA)',
                        'type': 'Former Parent Company'}],
 'customer_advisories': ['Facebook statement urging patience; no extension of '
                         'loyalty deadlines announced'],
 'date_detected': '2024-07-27',
 'date_publicly_disclosed': '2024-07-29',
 'description': "Convenience store chain Circle K experienced a 'network "
                "disruption' that paralyzed its Hong Kong operations for "
                'several days, suspending electronic payment and loyalty '
                'services across nearly 400 outlets. The incident, first '
                'reported over the weekend, affected e-payment systems, email '
                'services, and loyalty programs. Circle K stores remained open '
                'for cash and Octopus card payments. The company has not ruled '
                'out a cyberattack and is working with law enforcement and '
                'third-party forensics experts to investigate. Customers '
                'reported ongoing outages and complaints about expired loyalty '
                'points and coupons. The incident may be linked to a similar '
                'disruption reported by Circle K’s former parent, Convenience '
                'Retail Asia (CRA).',
 'impact': {'brand_reputation_impact': 'Negative (customer complaints on '
                                       'social media)',
            'customer_complaints': ['Expired loyalty points',
                                    'Expired coupons',
                                    'Service outages'],
            'downtime': 'Several days (ongoing as of 2024-07-30)',
            'operational_impact': 'Suspension of electronic payments and '
                                  'loyalty services; stores remained open for '
                                  'cash/Octopus payments',
            'payment_information_risk': 'Potential (historical incidents '
                                        'suggest payment data exposure)',
            'systems_affected': ['e-payment systems',
                                 'email services',
                                 'loyalty programs']},
 'investigation_status': 'Ongoing (with law enforcement and third-party '
                         'forensics)',
 'references': [{'date_accessed': '2024-07-30',
                 'source': 'Recorded Future News'},
                {'date_accessed': '2024-07-29',
                 'source': 'Circle K Hong Kong Facebook Statement'},
                {'date_accessed': '2024-07-30',
                 'source': 'Local Media Reports (Causeway Bay Outlet '
                           'Notices)'}],
 'regulatory_compliance': {'regulatory_notifications': ['Law enforcement '
                                                        'notified']},
 'response': {'communication_strategy': ['Facebook statement (2024-07-29)',
                                         'Social media updates'],
              'containment_measures': ['Securing customer, employee, and '
                                       'supplier data'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'third_party_assistance': ['Forensic experts']},
 'title': 'Network Disruption and Potential Cyberattack at Circle K Hong Kong',
 'type': ['Network Disruption', 'Potential Cyberattack']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.