Payment Processing Giant Breached
Verifone, a major player in the payment processing industry, recently suffered a data breach. The breach took place in January of 2017. In initial reports, the company stated the impact of the breach was minimal, and effected internal company systems only. Meaning none of their Point of Sales (PoS) systems were impacted. Unfortunately, that was not the case. After further investigation, Verifone updated their comments to Krebs on Security to state,
“According to the forensic information to-date, the cyber attempt was limited to controllers at approximately two dozen gas stations, and occurred over a short time frame. We believe that no other merchants were targeted and the integrity of our networks and merchants’ payment terminals remain secure and fully operational.”
Downplaying Breach Effects
Although there are concerns the payment processing giant may be downplaying the impact of the security breach, all accounts show Verifone took appropriate measures upon discovering the security issue. According to Krebs on Security, on January 23, 2017, Verifone contacted all of their staff, as well as contractors stating they had 24 hours to change their passwords. The company has also informed all employees they are no longer authorized to install any software on company devices — desktops and laptops included. It is Verifone’s hope, by mitigating the software installed on company devices they will mitigate their security risks as well.
The company continues to investigate the matter to ensure no other PoS systems were impacted.