The Hackr

Payments Giant Verifone Has Been Hit By A Massive Data Breach

Verifone, famously known for its secure electronic Point-Of-Sale otherwise known as POS solutions, services in the field of electronic payment transactions, has been hit by a internal computer network breach. According to Brian Krebs, a cyber-security journalist has reported although it happened last year, the compay remained oblivious about it until January 2017.

verifone logo

After the mishap, Verifone sent an urgent email to its employees and contractors on 23 January 2017 stating them to change all the passwords associated with the firm within 24 hours. The email was written by the senior Vice President and Chief Information Officer of Verifone, Steve Horan.

We are currently investigating an IT control matter in the Verifone environment. As a precaution, we are taking immediate steps to improve our controls.

To How Much Extent Verifone was Affected?

It must also be noted that Verifone is a high profile American firm that is considered to be on of the leading providers of credit card terminals and POS solutions aiding customers to swipe and process credit and debit card payments across a variety of businesses including gas stations, retailers, taxis and what not!

It is also being reported that the breach impacted some firms that utilise Verifone’s point of sale solutions. Whereas in middle, San Jose, California based Verifone node has categorically stated that the breach’s scope was limited to its corporate network. Whereas the payment services system wasn’t affected at all.

Krebs narrated the chain of events in his blog post citing that Verifone is investigation the data breach in a secretive manner.

As per the memo, Verifone’s staff weren’t able to install any software on their company laptops or the workstations. This indicated that the breach occurred by downloading malware. Verifone was informed about the breach other firms in the same field, Mastercard and Visa just after they sent out the email.

Krebs also cited a source according to which the breach has affected the customer support unit of Verifone, which is based in Clearwater, Florida. This unit provides payment solutions to petrol and gas stations across the USA including the pay-at-the-pump credit card processing system, manual cash registers that are installed inside the fuel station’s store, remote technical support and customer loyalty programs.

Verifone Hired Forensics

To investigate the above mishap, Verifone has hired its strategic partner, a UK based digital forensics firm Foregenix Ltd. for the investigation of this breach.

UPDATE The attempt was limited to controllers at approximately two dozen gas stations and occured over a short time frame. No other merchants or the integrity of Verifone’s networks nor the merchant’s payment terminals were compromised and they remain secure and fully operational!



The hacking trend these days has definitely turned criminal because of e-commerce ¯\_(ツ)_/¯