A group claiming responsibility for a ransomware attack on Parkland Fuel Corporation has leaked information it says it stole from the company – but the fuel company has yet to publicly confirm the actual nature of the cyber incident.
Parkland had revealed that on November 14, 2020, it detected “suspicious activity” involving unauthorized access to a subset of its IT network in Canada. The company also explained that as soon as it had detected the anomalous activity, it responded quickly.
“We have extensive procedures and protocols in place and took immediate action,” Parkland director of communications Simon Scott said in a statement during the initial announcement of the incident. “We retained external experts, initiated an investigation and temporarily took some of our Canadian applications offline, all of which are back in operation. We continued to safely meet the needs of our customers and have kept them informed throughout.”
Scott also stated that although Parkland knows that unauthorized access occurred on that date, the company’s investigation has not found any evidence that its core customer or employee systems were accessed.
“As the investigation continues, we will notify any stakeholder that may have been directly affected,” the spokesperson said.
But just weeks after the cyber incident, IT World Canada reported that the website of the Clop ransomware gang had begun publishing some 500MB worth of data – data the group claims it had stolen from Parkland. A threat researcher at an IT security firm took a look at the stolen cache and determined that it appears to include files on refinery operations, as well as a photocopy of the passport of one of Parkland’s directors.
IT World Canada was unable to reach Parkland in time for comment on Clop’s data leak.