RBS WorldPay data breach puts 1.5 million cardholders at risk

by Graham Cluley on December 26, 2008 | Comments Off

Filed Under: Data loss

RBS Worldpay, the electronic payment service, has admitted that hackers have broken into its systems and may have accessed the personal information of some 1.5 million cardholders and other individuals. Of these, some 1.1 million people may have had their social security numbers compromised by the hackers.

According to reports, the company informed law enforcement agencies and federal regulators of the incident on 10 November, but it waited until 23 December before issuing a press release and publishing advice to affected customers on its website.

I'm sure that if it had been my confidential information that might have been compromised that I would want to know about it as soon as possible, and I can't help but think that making a public statement just before a major holiday may fulfil regulatory requirements but may "bury" the bad news from reporters.

RBS Worldpay is keen to stress that only 100 payroll cards have been used in a fraudulent manner so far, and that they have all been deactivated.

Of course, this isn't the first time that Worldpay has suffered at the hands of hackers. In 2003 and 2004 the internet payment service was bombarded with distributed denial-of-service attacks that clogged its systems and seriously affected its ability to operate.

Tags: , , ,

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.