Wisepay is a school payment platform through which parents can pay for school meals, trips, club activities, etc. Earlier in October this year, the company detected a Magecart skimmer on its website leaking credit card numbers.
According to the BBC, payments to nearly 300 UK schools are suspected to have been affected by the cyberattack on 2 Oct. The attacker was able to obtain payment details through a fake page until 5 Oct.
The firm revealed that data from an undisclosed number of transactions may have been stolen. Users may have thought that they were making legitimate payments, but in reality their payments were redirected to a malicious external page designed to look like a genuine Wisepay page.
This is what happens in a Magecart hack: attackers don’t break into databases to steal the information but instead take over the live payment page.
According to Richard Grazier, Wisepay’s managing director, a backdoor in its database is responsible for compromising its website. Grazier also confirmed to the BBC that a small subset of its users might have noticed it because the attack occurred on Friday night and was discovered on Monday morning.
During the weekend, fewer payments would have been processed since cashless payments to cover things like school meals or exams aren’t processed daily.
The website was immediately taken offline on Monday to resolve the issue. It is now back online and functioning normally.
The Information Commissioner’s Office and the police were informed about the incident. Wisepay has roped in a computer forensics expert too.
In a conversation with Hackread.com, Anurag Kahol, CTO at Bitglass said that:
“Payment card-skimming malware continues to be a security challenge for retailers around the globe. Unfortunately, when armed with payment card information or personally identifiable information (PII), malicious parties can make fraudulent purchases, sell said data on the dark web for a quick profit, and much more.”
“A staggering 59% of consumers reuse passwords across multiple accounts. This means that if a cybercriminal appropriates a single password, they can potentially gain access to a user’s accounts across a number of retailers and services where the said password is reused. Users impacted by this incident should change their passwords on all of the accounts where they use these now exposed credentials, and avoid reusing passwords across different accounts altogether,” Anurag advised.
“Companies must deploy security solutions that can prevent data leakage; for example, cloud access security brokers (CASBs) that provide features like cloud security posture management (CSPM), data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption of data at rest. With these types of capabilities, businesses and consumers can be certain that their data is truly secure as they make purchases,” added Anurag.