Home » News
Filter by category:

Urgent Cybersecurity Advisory: Nationwide Cyberattacks Targeting Automatic Tank Gauges (ATGs)

 

April 14, 2026 | comments

Urgent Cybersecurity Advisory: Nationwide Cyberattacks Targeting Automatic Tank Gauges (ATGs)

Tuesday, April 14, 2026 – The Energy Marketers of America has been informed of known cyberattacks targeting Automatic tank gauging (ATGs) in Tennessee, and cyber criminals are targeting systems nationwide. One convenience store chain has had at least 15 tanks now hit by this cyberattack. Thus far, there are no reports of any physical impacts.

Automatic tank gauging (ATG) systems are commonly used for fuel inventory and leak detection systems at retail fueling facilities, truck stops, marinas, and emergency generator facilities. Many of these devices are accessed remotely by computer networks to schedule fuel deliveries and maintain environmental compliance records for underground storage tank (UST) operational inspections.

Early reports indicate there have been multiple successful attempts to use computer network connections to gain unauthorized access to ATGs at multiple retail fueling convenience stores throughout the country. The attacks have allowed unauthorized access to fuel tank and fuel sensor information, and, in some cases, such information has been deleted from the ATG system.

The most common ATG system used is manufactured by the Veeder-Root Corporation. It appears that several successful attempts to modify the settings on these devices took place with sites equipped with Veeder-Root TLS-350 and TLS-450 Plus series consoles which were not programmed with network or password protection. Veeder-Root previously issued cybersecurity bulletins to address similar issues, which can be found at the links below:

The cyberattacks have also been documented on ATGs manufactured by other companies as well. In those instances, the targeted ATGs are not password-protected for remote network access. Each ATG should be equipped with site-specific network password protection (change the default password) and begin implementing network internet routers equipped with firewall protection.

The origin or purpose of the cyberattacks are currently unknown, but many suspect Iran is the instigator. To prevent unauthorized access to the local network and routers, tank owners should contact their local ATG service provider, which can add additional security measures to ensure your ATG system is adequately protected.

Recommended Immediate Actions

  • Change the default password on every ATG console (Veeder-Root TLS-350, TLS-450 Plus, and equivalents from other makers).

  • Deploy a dedicated firewall/router with the ATG on a segmented network (no direct internet exposure).

  • Contact your certified ATG service provider immediately—they can implement the hardening measures Veeder-Root recommends and verify compliance.

  • Store updated passwords securely inside or near the console (along with setup docs) for inspections.

  • Report incidents promptly via the CISA portal (https://www.cisa.gov/report), email report@cisa.gov, or phone (888-282-0870). Out-of-band communication is best if the network may be compromised.

When submitting a report to CISA’s portal, here’s the typical information that’s helpful to include:

  • Out-of-band method of communication (i.e., not via your potentially compromised IT network email) preferred for sharing any updates or sensitive information

  • Date and time of detection

  • Systems or networks affected

  • Type of incident (such as ransomware, DDoS, intrusion)

  • Indicators of Compromise (IOCs), like IPs, domains, or hashes

  • Impact details (data loss, operational disruption)

  • Mitigation steps already taken

EMA and the Tennessee Fuel & Convenience Store Association (TFCA) are working with DOE Cybersecurity, Energy Services and Emergency Response (CESER) and DHS Cybersecurity and Infrastructure Security Agency (CISA) to coordinate mitigation efforts and communication.

Additionally, EMA, TFCA and the Departments of Homeland Security (DHS) and Energy (DOE) urge members to use this opportunity to promote better cyber security in general. This incident is exploiting very basic cybersecurity deficiencies, and organizations that have this problem may also have vulnerabilities in other systems/equipment.

EMA urges its members to take advantage of CISA’s no-cost services to shore up cyber deficiencies at No-Cost Cybersecurity Services & Tools | CISA.







PMMIC Insurance RINAlliance AssuredPartners Philip Morris International Unified Contracting Services Reynolds Marketing Services Company Seneca Companies EMC Insurance Altria Otter Creek Country Stores, Inc Sinclair Renewable Energy Group HEALTHAlliance O'Day Rainbo Oil Company Westmor Industries Molo Petroleum Jet Gas Flint Hills Tanknology Seneca Tank HTP Energy MAST ATM Midwest Petroleum Equipment Federated Insurance Reif Oil Delta Dental Olsen Fuel Supply Phillips 66 Community Oil Company Core-Mark Central Bank Iowa Lottery Cenex Mulgrew Oil Kimmes Country Stores McDermott Oil Co GROWMARK Energy Shell Elliott Oil Company Voss Distributing McGowen, Hurst, Clark & Smith PC Wellmark Cylinder Express
PMCI Facebook PMCI Twitter PMCI LinkedIn
Home   |    About FUELIowa   |    Site Map   |    Privacy   |    Contact Us   |    ©2019 FUELIowa, All Rights Reserved
10430 New York Ave., Suite F, Urbandale, IA 50322-3773   |    P. 515.224.7545   |    F. 515.224.0502 Home
About FUELIowa
Site Map
Privacy
Contact Us
10430 New York Ave., Suite F, Urbandale, IA 50322-3773
P. 515.224.7545
F. 515.224.0502
©2019 FUELIowa, All Rights Reserved