This article is more than 1 year old

Brit mobile pay biz reveals historical cyber attacks, gets smacked in the share price

'Small number' of customers' details in public domain

The share price of mobile payments business Optimal Payments has taken a banging after the company confessed it was only just beginning to investigate historical data breaches, following the discovery of its customers' data being trafficked online.

The British company said that it had only come to know about the data breaches due to media enquiries, although they had occurred several years ago. The Financial Times reported that the company had "confirmed that a 'small number' of [customers'] details are in the public domain, which are allegedly part of a larger database of stolen personal data."

The company was working to establish the number of customers whose data had been stolen, said Elliott Wiseman, Optimal Payments' general counsel and chief compliance officer.

"Shares fell up to 17.9 per cent after the announcement," noted the FT, "but pared back losses to close 7.5 per cent down on Thursday at 321.75p."

The tumble follows another in response to a breach at TalkTalk following what it has claimed was a cyberattack earlier last week. At the time, the CEO of TalkTalk, Dido Harding, had complained that "cyber criminals are becoming increasingly sophisticated and attacks against companies that do business online are becoming increasingly frequent."

To date, two teenage suspects, a 15-year-old and a 16-year-old, have been arrested in connection with the TalkTalk incident.

Optimal stated that it had informed both the Information Commissioner's Office (ICO) and the Financial Conduct Authority about the breaches, according to Reuters, although it is unclear when the company did so as it seems to have only recently been made aware of the breaches.

According to the report, Wiseman said the breaches had not been disclosed before "because investigations at the time found insufficient evidence that the hackers accessed large amounts of data."

Customers have not been contacted regarding the breaches. Wiseman told the FT: "We are taking advice and considering exactly what needs to be done with respect to those potentially impacted." He stressed that “it is too early to say what we will need to do."

The ICO informed the Register it knew of the company's claims and was making enquiries, although it could not offer a statement as of publication.

Companies are not required to publicly admit to data breaches under the UK's Data Protection Act, however their response to breaches of the Act, including whether they have attempted to inform customers, is an aggravating factor which may affect any future penalties issued by the ICO. ®

More about

More about

More about

TIP US OFF

Send us news


Other stories you might like