Updates to the 2009-2010 Paysafe Hack
Monday November 30,2015 : HACKING UPDATE FROM PAYSAFE GROUP
Limited and basic data stolen in 2009 – 2010 hack.
Paysafe, the parent group for online processors Neteller, Skrill and other companies, issued an update Monday on its investigation into a hack believed to have taken place in 2009 – 2010.
The hack was publicly reported at the end of last (October) month, and the company says that its investigations have shown that data stolen relates to limited account details from 3.6 million Neteller accounts and basic personal details relating to 4.2 million Skrill accounts.
Less than 2 percent of the accounts were active in the six months to 1 November 2015, the company claims, emphasising that such data does not include passwords, card data or bank account information.
Paysafe engaged a major accounting firm as part of its investigation, which has verified these findings:
• The Company believes that this data emanated from the cyber-attacks in 2009 and 2010 and is not aware of any similar breaches since that time.
• The Company is confident that this data will not in itself allow any existing Neteller or Skrill customer accounts to be accessed.
Neteller reported the hack to the authorities and commissioned a third-party, independent forensic report by a major accounting firm. The recommendations of the report were then followed and security was significantly strengthened, the company says.
In a statement Monday, Paysafe says that it became aware that around 1,500 customers subsequently had their accounts compromised following the 2010 cyber-attack. It immediately took action to restore these accounts and all customers were reimbursed. Management is not aware of any other reimbursal requests related to this incident since 2011.
Skrill, which Paysafe acquired in earlier this year, was the subject of a cyber attack in 2009 in which customer information was stolen. The incident was reported at the time and an independent investigation was followed by strengthened security measures.
"The Group's executive management team, IT leadership and security protocols and standards have changed considerably since the breaches more than five years ago," Monday's statement advises. "The significant investment made to cybersecurity in recent years will continue into the future as Paysafe works to ensure it has the appropriate systems in place to defend against cybersecurity threats."