Circle K halts electronic payments due to suspected cyberattack

Convenience chain Circle K has halted electronic payments due to a network disruption since Saturday (20 September) and a suspected cyberattack.

In a statement posted on its Instagram and Facebook pages, Circle K said it is investigating and responding to a network disruption in its Hong Kong business unit, which so far has affected certain systems, including payments, email and loyalty programmes. 

While Circle K cannot rule out a possible cyberattack, it has acted quickly to secure customer, employee and supplier data. It is working with law enforcement and third-party forensics experts to determine the cause, scope and extent of this breach, including whether any data has been compromised, according to the statement. 

Circle K’s stores remain open and operating, and customers may pay with cash or Octopus, though electronic payment transactions are temporarily unavailable. It has advised customers to follow general online safety guidelines, remain vigilant and never share passwords or sensitive information. 

“We will share updates as we learn more. In the meantime, we understand the inconvenience this may cause to our valued customers and thank them for their patience,” the statement reads. 

The statement has sparked discussions on both Instagram and Facebook, MARKETING-INTERACTIVE confirmed. A number of netizens expressed concerns about the impending expiration of loyalty programme points and discount coupons, requesting an extension.

On the other hand, Circle K's parent company Convenience Retail Asia said it has experienced a network disruption in Hong Kong on Saturday, which so far has affected internal systems and certain functions of our loyalty programme. Its stores remain open and operating, and customers may pay with cash, Octopus and other electronic payment methods.

“The company has engaged third-party forensic experts to conduct an investigation to determine the cause, scope and extent of this system failure, including whether any data has been compromised,” its statement on HKEX reads. 

Furthermore, the company has reported the incident to law enforcement and will report to the Office of the Privacy Commissioner for Personal Data of Hong Kong (PCPD) if any data breach incidents are identified. 

The brands under Convenience Retail Asia include Saint Honore Cake Shop, the cake shop Mon Cher, and Merci Moncher, as well as the eyewear store Zoff.

MARKETING-INTERACTIVE has reached out to the PCPD for a statement. 

Take your brand to new heights with cutting-edge AI strategies, innovative technology, and data-powered experiences. Don’t miss Digital Marketing Asia 2025 in Hong Kong on 20-21 October, where 200+ marketing leaders will explore game-changing trends, proven successes, and bold ideas shaping the future.

Related articles:

7-Eleven rejects buyout offer by Circle K’s operator
Circle K’s operator proposes to take over 7-Eleven business
Circle K makes huge investment in citywide rebranding campaign