We want to make you aware of a recent cybersecurity incident impacting Franklin Fueling Automatic Tank Gauges (ATGs). While this did not originate from or involve our systems, it highlights an important security consideration for any site exposing ATG systems to the public internet.

What We Know

Based on currently available information:

• Over this past weekend a significant number of Franklin ATGs were hacked (configurations and/or backups were deleted)
• These were all directly accessible from the public internet
• The Franklin Fueling Systems (TSA XML) protocol was enabled and exposed over port 10001

• At this time, systems using Veeder-Root TLS protocol do not appear to have been impacted

  • However, similar exposure risks exist if these systems are publicly accessible

Who May Be at Risk

Any site where an ATG is reachable via public IP (including static IP configurations or port forwarding) may be vulnerable, including:

• ATGs polled via direct IP communication
• Systems exposing FMS (Franklin) or TLS (Veeder-Root) protocols externally

Just to be clear, PDS systems were not impacted — only ATG's that were explicitly exposed to the Internet by opening the firewall and directing inbound traffic to the ATG.

Recommended Security Best Practices

To reduce risk, we strongly recommend the following:

1. Avoid Public Exposure

• Do not expose ATGs directly to the public internet
• Remove any unnecessary port forwarding rules on firewalls or routers

2. Restrict Access

• Limit access to trusted IP addresses using firewall rules or VPNs
• Use private network connectivity wherever possible

3. Avoid Default Configurations

• If remote access is required:

  • Avoid using default ports (e.g., 10001)
  • Change default credentials (if applicable)
  • Implement additional network-layer protections

4. Monitor & Audit

• Periodically review firewall rules and open ports
• Monitor ATG activity for unexpected behavior

PetroDataSync Monitoring Approach

For customers using our cellular monitoring solution:

• ATGs are secure and not exposed to the public internet

• All external communication from PDS equipment is:

  • Encrypted before transmitting
  • Routed through private cellular networks
• This architecture significantly reduces external attack surface

Closing Thoughts

As ATGs become more connected, they also become part of your broader cybersecurity footprint. Even simple exposure to the public internet can introduce risk.

We recommend reviewing your current network configuration to ensure your ATGs are properly secured.

If you have questions or would like help reviewing your setup, our team is happy to assist.