Remi's Realm [RR]

“Where’s my Petro-Points gone? What happened to them? 😲”

That was the question uttered from my lips in surprise and shock while I was in car wash line of Petro Canada yesterday (Jan 10th, 2025) to get my car washed.

There used to be ~28000 points in my rewards card, but now there was only ~1000. Well, it is not a big amount, every 1000 points equate to $1. But that was still a case of missing economic value.

At first, I was a little naive and thought that perhaps those points had expiry date on them and they simply expired. OK, no biggie…Still, wanted to give customer service a call and kindly request those “expired” points back for the sake of customer loyalty as I’ve been loyal customer to Petro Canada for years. While I was on the call with customer representative, still waiting in line to get my car washed, I was also looking around in Petro Canada mobile app. Customer representative was still struggling to verify my identity, then I suddenly located a suspicious transaction which was done on November 27th of 2024 in the amount of 27000 points. After clicking on this transaction, I was able to see all details pertaining to this transaction including store ID. Customer representative then confirmed that that store is located somewhere in ALBERTA, even though I live in ONTARIO and I have never been to Alberta before ever in my life.

Blurry picture of what’s happened to my reward points started to get clearer as minutes passed by while on customer service call. I suddenly remembered the days where Petro Canada database were down for weeks/months, where I was not able to log in to my account for a long time. I mentioned this issue to customer representative and cyber security attack on Petro Canada a while ago, but representative told me that he has recently been recruited and he has no knowledge of such incident.

For those curious, here is the link to CBC news article where data breach incident is mentioned in further detail.

Being one of the lucky members of this rewards program, my personal data was apparently exposed in that breach. Furthermore, someone was using my personal data to redeem my points on the other coast of the continent.

Customer representative then offered to “secure” my account by cloning it and attaching my account to another email of mine. He then proceed with giving those missing 270005 points back to my account which was stolen from me by bad actors. You can see that transaction below.

I was meaning to share the -27005 transaction which was showing the store ID of the store located in Alberta, however I no longer see my old transactions after my account was “secured”.

I thought to myself that this is very interesting story that is worth sharing in my blog asap. Then I felt lazy when I got back home to get back to my computer and share this story. Watched a show and just went to bed thinking that I will probably not spend time sharing this story.

The very next morning (Jan 11th, 2025), there goes the cosmic signal! 🌎 🛜

I woke up, opened up daily puzzle (Quartiles) that is posted on Apple News+ on my phone and starting seeing words like:

• gov
• edu
• org
• com

At first, they all looked like top-level domain names.

After solving the puzzle, these were the all 5 words in Quartiles word puzzle:

• cybernetic
• governance
• forthcoming
• reschedule
• unforgivably

Apparently, theme of today’s puzzle was cyber security. I thought, “yeah, this is the cosmic signal, gotta post this story!”

There it is, you are now reading this story thanks to the motivation I received from “cosmic signal” this morning!

Well, that brings the answer of the question I posed at the beginning of this post.

“Where’s my Petro-Points gone? “

Answer: My account was hacked first (as part of big data breach conducted by PetroCanada hackers last year), then hacked personal data got used somewhere in Alberta.

Finishing off this post by referring to PetroCanada’s own slogans:

“FIND YOUR HAPPY PLACE“

“LIVE BY THE LEAF“

• “FIND YOUR SAFE PLACE (to store customer personal data)”
• “FIND YOUR SAFE SPACE (Password-Protected!)”
• “FIND YOUR SAFE PLACE, NOW HACK-FREE!”
• “Oopsies! SAFE PLACE, NOW EVEN SAFER!”
• “LIVE BY THE (data) LEAK”
• “LEAF IT TO US, WE’RE ON IT!”

Your periodic reminder of how cyber security is important and what consequences it could bear in case of data breaches.

One obvious consequence is losing customer trust and hence customers themselves eventually.

Stay cyber-safe!

Take (good) care (of your data)!