Stories
Slash Boxes
Comments

SoylentNews is people

Payments Giant Verifone Investigating Breach

posted by cmn32480 on Friday March 10 2017, @09:18AM   Printer-friendly
from the give-them-a-little-credit dept.

Fnord666 writes:

Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions, according to sources. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted.

San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations.

On Jan. 23, 2017, Verifone sent an “urgent” email to all company staff and contractors, warning they had 24 hours to change all company passwords.

“We are currently investigating an IT control matter in the Verifone environment,” reads an email memo penned by Steve Horan, Verifone Inc.’s senior vice president and chief information officer. “As a precaution, we are taking immediate steps to improve our controls.”

[...] Asked about the breach reports, a Verifone spokesman said the company saw evidence in January 2017 of an intrusion in a "limited portion" of its internal network, but that the breach never impacted its payment services network.

"In January 2017, Verifone's information security team saw evidence of a limited cyber intrusion into our corporate network," Verifone spokesman Andy Payment said. "Our payment services network was not impacted. We immediately began work to determine the type of information targeted and executed appropriate measures in response. We believe today that due to our immediate response, the potential for misuse of information is limited."

[...] Update, 1:17 p.m. ET: Verifone circled back post-publication with the following update to their statement: “According to the forensic information to-date, the cyber attempt was limited to controllers at approximately two dozen gas stations, and occurred over a short time frame. We believe that no other merchants were targeted and the integrity of our networks and merchants’ payment terminals remain secure and fully operational.”

Sources told KrebsOnSecurity that Verifone commissioned an investigation of the breach from Foregenix Ltd., a digital forensics firm based in the United Kingdom that lists Verifone as a “strategic partner.” Foregenix declined to comment for this story.

Source:

https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Payments Giant Verifone Investigating Breach | Log In/Create an Account | Top | 1 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Friday March 10 2017, @11:00AM

    by Anonymous Coward on Friday March 10 2017, @11:00AM (#477307)

    Verifone spokesman Andy Payment

    I wonder if there's any relation to that Subway corpo-humanoid [wikia.com].