Poker News Daily

Paysafe Acknowledges Hacking Led to NETeller, Skrill Data Breach in 2009-2010

Paysafe Group Plc, parent of e-wallets NETeller and Skrill, has acknowledged that millions of customers had their personal information put at risk during two hacking events in 2009 and 2010. The admission of the hacking comes about a month after the initial revelation of the data breach.

A total of 7.8 million Paysafe customers had some sort of data compromised: 3.6 million were NETeller customers, while the remaining 3.6 million were Skrill accounts. It should be noted, though, that Skrill was not a part of Paysafe when the hacks occurred. Skrill was acquired by Optimal Payments in August; Optimal changed its name to Paysafe Group in November.

The company says that none of the information stolen included ultra-sensitive things like bank account numbers, passwords, or card data. 1,500 customers did have their accounts compromised at some point following the cyber attacks; Paysafe implies that this did involve funds being stolen, as it said, “all customers were reimbursed.”

Below is the press release issued by Paysafe regarding the data breaches, in its entirety:

LONDON and MONTREAL (30 November 2015) – Further to the announcement on 29 October 2015 relating to historic personal data breaches, Paysafe Group Plc (LSE AIM: PAYS “Paysafe”, the “Group” or the “Company”), can update on the findings of its investigation, which are as follows:

• The illegally-obtained data in the hands of third parties relates to limited account details from 3.6m NETELLER accounts and basic personal details relating to 4.2m Skrill accounts. Less than 2% of those NETELLER and Skrill accounts were active in the six months to 1 November 2015. Such data does not include passwords, card data or bank account information. Paysafe engaged a major accounting firm as part of its investigation, which has verified these findings.

• The Company believes that this data emanated from the cyber-attacks in 2009 and 2010 and is not aware of any similar breaches since that time.

• The Company is confident that this data will not in itself allow any existing NETELLER or Skrill customer accounts to be accessed.

As previously announced on 29 October 2015, in 2010 the Company’s subsidiary NETELLER was the target of a cyber-attack, which resulted in certain customer information being stolen. NETELLER reported this to the appropriate authorities at the time, and a third-party, independent forensic report was undertaken by a major accounting firm. The recommendations of the report were then followed and security was significantly strengthened with the aim of taking NETELLER beyond the industry standard.

The Company became aware that around 1,500 customers subsequently had their accounts compromised following the 2010 cyber-attack. The Company immediately took action to restore these accounts and all customers were reimbursed. The Company is not aware of any other reimbursal requests related to this incident since 2011.

In 2015, the Company bought Skrill Group. Skrill (then operating as Moneybookers) had experienced a cyber-attack in 2009, which resulted in customer information being stolen. As with NETELLER, Skrill reported the hack to appropriate authorities at the time. A third-party, independent forensic report was undertaken by a major accounting firm. The recommendations of this report were then followed and security was also significantly strengthened.

The Group’s executive management team, IT leadership and security protocols and standards have changed considerably since the breaches more than five years ago. The significant investment made to cybersecurity in recent years will continue into the future as Paysafe works to ensure it has the appropriate systems in place to defend against cybersecurity threats.

Exit mobile version