The UK-based insurance company Staysure has suffered a massive data breach in which credit card data of more than 93,000 customers was stolen.
The UK-based insurance company Staysure has suffered a massive data breach. The company admitted that its servers were compromised and that sensitive financial data of more than 93,000 customers has been stolen.
This means that around seven percent of Staysure's customers might be impacted. For this reason the company warned them and suggested that they carefully monitor their bank accounts.
Staysure is offering affected customers Data Patrol, the credit monitoring service from credit company Experian, and it said that a fraud resolution service is also available via telephone.
“In December 2013 we wrote to a group of our customers to tell them that our systems suffered a cyber attack during the second half of October 2013. In that attack, encrypted payment card details of customers who purchased insurance from us before May 2012 were stolen, along with CVV details and customer names and addresses. From May 2012 we ceased to store this data,” wrote CEO Ryan Howsam in a blog post.
Staysure discovered the data breach on November 14 and promptly informed the card issuing bodies, the Financial Conduct Authority, the Information Commissioner’s Office and law enforcement.
The credit card details stolen by the cyber criminals were encrypted, but the company has not revealed which algorithm it used. The only certainty is that the CVV numbers were in clear text.
Stolen credit card data is a precious commodity in the underground market: numerous forums offer it along with everything needed for credit card scams, including anonymizing services, plastics and card number validators. The revelation of the attack arrives a few weeks after the high-profile data breach at the US retailer Target.
Staysure immediately removed the systems and applications exploited by the attackers to avoid further damage to its customers.
“Now any affected customers are being given free access to an identity monitoring service. The company has hired independent forensic data experts to fully ascertain the problem,” states the official security advisory.
As usual, users who discover any suspicious activity on their accounts should report it immediately to law enforcement and their financial institutions. Timely action can prevent serious consequences.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of "The Hacker News" team and writes for some major publications in the field, such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute and The Hacker News Magazine, and for many other security magazines.
Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".