Circle K Hong Kong halts e-payments after suspected cyberattack

Nearly 400 outlets affected as chain works with authorities and forensics experts to assess breach.

The Circle K convenience store chain in Hong Kong has suspended most electronic payment services after a suspected cyberattack disrupted its systems over the weekend.

The company, which operates nearly 400 stores across the city, confirmed on Sunday evening that a network problem had impacted its e-payment, email, and loyalty programme systems. While stores remain open, customers can currently only pay with cash or Octopus cards, Circle K said in a social media statement.

“As we cannot rule out a possible cyberattack, we have acted quickly to secure customer, employee and supplier data,” the company said, adding that it is working with law enforcement and third-party forensics experts to determine the cause, scope, and potential data exposure.

By Monday, notices at some outlets, including a branch in Causeway Bay, informed shoppers that e-payments were unavailable due to a “network outage.” The chain first acknowledged the disruption on Saturday.

In addition to electronic payments, top-up services, product pickup, utility bill payments, and loyalty programme functions—such as voucher use, stamp collecting, and redemption—were also suspended.

The Office of the Privacy Commissioner for Personal Data confirmed it has contacted Circle K for further details but said no complaints or official reports had been filed as of Monday.