ISR News: WorldPay (CORRECTION: NOT PROPAY) Suffers $9M Heist

(CORRECTING EARLIER POST ON INFORMATION-SECURITY-RESOURCES.COM – NOT PROPAY IDENTIFIED IN DATA SECURITY BREACH)

Excerpts From Blog.Wired.com


A carefully coordinated global ATM heist last November resulted in a one-day haul of $9 million in cash, after a hacker penetrated a server at payment processor RBS WorldPay, New York’s Fox 5 reports. 

RBS WorldPay announced on December 23 that they’d been hacked, and personal information on approximately 1.5 million payroll-card and gift-card customers had been stolen. (Payroll cards are debit cards issued and recharged by employers as an alternative to paychecks and direct-deposit.) Now we know that account numbers and other mag-stripe data needed to clone the debit cards were also compromised in the breach. 

At the time, the company said it identified fraudulent activity on only 100 cards, making it sound like small beans. But it turns out the hacker managed to lift the withdrawal limits on those 100 cards, before dispatching an global army of cashers to drain them with repeated rapid-fire withdrawals. More than 130 ATMs in 49 cities from Moscow to Atlanta were hit simultaneously just after midnight Eastern Time on November 8. 

A class action lawsuit has been filed against RBS WorldPay on behalf of consumers.

 

Comments from Anthony M. Freed, Information-Security-Resources.com Financial Editor:

This illustrates that even with the knowledge of a breach, the vulnerability to theft and fraud may remain for an indeterminable period of time, and this can create unease amongst stakeholders.

The markets hate uncertainty.

When the known quantities begin to add up in the tens of millions in real losses, coupled with a marked decline in stock prices, it’s time for leaders industry-wide to take affirmative steps to ensure that capital flows freely into information security technology, regardless shrinking budgets plaguing industries in the midst of this economic downturn. The alternative is to face ever bigger hits to value.

The costs of this breach have yet to be tallied, as it may take years for the full impact to be revealed, but there is ample time and there are already the tools available to reduce these risks significantly, and an investment has to be made today or we are guaranteed losses tomorrow.

Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.

(WorldPay was previously identified in this story as “ProPay” by mistake for a short time – the editors apologize for any confusion or inconvenience)

Add Photos & Videos NP NowPublic

Tags: | | | | | | | |

This entry was posted on Wednesday, February 4th, 2009 at 5:38 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

5 Responses to ISR News: WorldPay (CORRECTION: NOT PROPAY) Suffers $9M Heist

  1. Jimmy Jackson says:
    February 5, 2009 at 7:00 pm

    That was frightenly coordinated.

    Reply
  2. ceritaku says:
    February 6, 2009 at 2:13 am

    your site is very interesting.

    Reply
  3. Jak says:
    February 6, 2009 at 5:22 am

    Thank you for this thorough and useful explanation

    Reply
  4. Steve Jones says:
    February 11, 2009 at 11:07 pm

    Nice post!

    Reply
  5. Swine Flu Symptoms says:
    May 11, 2009 at 1:38 pm

    Very nice information. Thanks for this.

    Regards,
    Mike

    Reply

Leave a comment