The Energy Marketers of America said Tuesday cybercriminals have attacked automatic tank gauges at gas stations in Tennessee and are targeting ATGs nationwide.
EMA is aware of a convenience store chain with at least 15 tanks compromised in the cyberattack, but no physical damage has been reported, the trade
association said in a news release.
ATG systems are used to monitor fuel inventory and detect leaks at retail fuel sites, truckstops, marinas and emergency generator facilities. Computer networks remotely access many ATGs to schedule fuel deliveries and keep underground storage tank records for environmental compliance.
"Early reports indicate there have been multiple successful attempts to use computer network connections to gain unauthorized access to ATGs at multiple retail fueling convenience stores throughout the country," EMA said. "The attacks have allowed unauthorized access to fuel tank and fuel sensor information, and, in some cases, such information has been deleted from the ATG system."
Veeder-Root Corp. is the largest ATG manufacturer, the association said.
"It appears that several successful attempts to modify the settings on these devices took place with sites equipped with Veeder-Root TLS-350 and TLS-450
Plus series consoles which were not programmed with network or password protection. Veeder-Root previously issued cybersecurity bulletins to address similar issues," EMA added.
This is not the first time ATGs have been compromised.
In 2019, for example, OPIS reported that Veeder-Root experienced an incident at less than 100 sites globally. At that time, software company Titan Cloud also said it believed a "large-scale" distributed denial-of-service attack was underway targeting ATGs. ATGs were "locking out access sporadically" and
"preventing visibility into fuel levels and alarms." Tanks were running out of fuel and lost alarm notifications, the vendor said.
In an email, Veeder-Root said, "We're aware of the situation and monitoring it closely. We continue to recommend our customers follow the latest guidance regarding recommended updates to ATGs to help prevent cybersecurity incidents and attacks."
On its website, Veeder-Root tells customers to place ATGs behind a secure firewall and on a separate network segment from payment processing devices. The company says to limit third-party access to the system with IP address restrictions and password protection. Software must be kept up to date, it added.
Veeder-Root also recommends installing modern ATGs with security features like port management, network timing protocol and secure socket layer communications.
"Just because your connected devices have never been breached by cybercriminals does not mean it could not happen in the future," the company said.
This content was created by Oil Price Information Service, which is operated by Dow Jones & Co. OPIS is run independently from Dow Jones Newswires and The Wall Street Journal.
Reporting by Donna Harris, dharris@opisnet.com; Editing by Michael Kelly, mkelly@opisnet.com
(END) Dow Jones Newswires
April 14, 2026 17:56 ET (21:56 GMT)
Copyright (c) 2026 Dow Jones & Company, Inc.
Comments