CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
December 31st, 2008

Payment Processor RBS WorldPay Breach Exposes 1.5 Million

RBS WorldPay admitted last week that hackers broke into its systems. RBS WorldPay (www.rbsworldpay.us) is a leading single-source provider of electronic payment processing services. The attack against the electronic payment services firm leaves to to 1.5 million payroll and gift card holders in the US at risk of fraud. Up to 1.1 million social security records were also exposed as a result of the breach.

The affected pre-paid cards include payroll cards and open-loop gift cards. PINs for all PIN-enabled cards are being reset as a precaution. RBS WorldPay has pledged to make sure its customers are not left out of pocket as a result of any fraud stemming from the attack. The firm is also offering 12 months complimentary membership to a credit monitoring service to those whose personal information was exposed as a result of the breach.

RBS WorldPay notified law enforcement and regulators about the attack on 10 November but waited until 23 December before publishing advice to potentially affected customers. The timing of its announcement raises suspicions that the firm is releasing bad news at a time when it is likely to go largely unnoticed.

The attack has been linked to the fraudulent misuse of 100 payroll cards, all of which have since been deactivated. Details of the attack itself, much less who might have pulled it off, remain sketchy.

RBS WorldPay has pledged to improve its security defenses to prevent similar attacks in future. RBS WorldPay has urgently taken a number of important steps to mitigate risk in response to this situation. The issue, which affected pre-paid cardholders and other individuals, was identified on November 10 and law enforcement agencies and federal regulators were notified by RBS WorldPay shortly thereafter. RBS WorldPay’s internal security professionals and outside experts are working with federal and state law enforcement authorities in an investigation of this event.

RBS WorldPay’s statement on the attack, and its response, can be found at http://www.rbsworldpay.us/RBS_WorldPay_Press_Release_Dec_23.pdf

Share this item with others:

More on CyberInsecure:
  • AlertPay.com Hit By A Massive DDoS Attack, Outage Took A Day To Resolve
  • Spanish Payment Breach Prompts Huge German Card Recall
  • Malware Found In Heartland Bank Card Payment System
  • Heinemann-Raintree Reports a Year And A Half Old Breach in Their E-commerce Website
  • 4.2 Million Records Stolen In Supermarket Data Breach

    • Posted in Breaches And Incidents, Data Theft, Privacy | Print This Post Print This Post

    This entry was posted on Wednesday, December 31st, 2008 at 7:49 am and is filed under Breaches And Incidents, Data Theft, Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Payment Processor RBS WorldPay Breach Exposes 1.5 Million

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »