Feeds

RBS WorldPay breach exposes 1.5 million

Payment processor buries bad news

Providing a secure and efficient Helpdesk

RBS WorldPay belatedly admitted last week that hackers broke into its systems.

The attack against the electronic payment services firm leaves to to 1.5 million payroll and gift card holders in the US at risk of fraud. Up to 1.1 million social security records were also exposed as a result of the breach.

The affected pre-paid cards include payroll cards and open-loop gift cards. PINs for all PIN-enabled cards are being reset as a precaution. RBS WorldPay has pledged to make sure its customers are not left out of pocket as a result of any fraud stemming from the attack. The firm is also offering 12 months complimentary membership to a credit monitoring service to those whose personal information was exposed as a result of the breach.

RBS WorldPay notified law enforcement and regulators about the attack on 10 November but waited until 23 December before publishing advice to potentially affected customers. The timing of its announcement raises suspicions that the firm is releasing bad news at a time when it is likely to go largely unnoticed.

The attack has been linked to the fraudulent misuse of 100 payroll cards, all of which have since been deactivated.

Details of the attack itself, much less who might have pulled it off, remain sketchy. RBS WorldPay has pledged to improve its security defences to prevent similar attacks in future.

RBS WorldPay's statement on the attack, and its response, can be found here (PDF). ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.