You are here

Verifone has been hit by a data breach at gas stations

Verifone controllers at approximately two dozen gas station convenience stores were targeted by an intrusion in January, reports on the ground of security blog Krebs on Security.

Verifone commented that they “believe” the duration of the attack was short, the extent was limited to its corporate network, no other merchants were affected, and the integrity of their networks and terminals remains intact, in a statement reported by Krebs. The card terminal manufacturer said that it quickly notified card network partners like Visa and Mastercard, had employees reset passwords, and brought in a third-party forensic team.

The type of data affected hinges on Verifone’s defenses. Details on how the attack took place are not yet available, though an internal Verifone memo attributed an "IT control issue." Lack of clarity around the origin and the extent of the attack means that the impact isn't entirely clear.

No adverse effects or misuse of data has been detected from this event — yet . Speculating on Verifone’s worst possible outcome, Krebs quoted a Avivah Litan, a Gartner analyst who noted the attackers may have stolen information about Verifone’s POS systems to create backdoors that “record, store and transmit stolen customer card data.” Though it's unclear what type of data may have been compromised, Stevens told BI Intelligence that the best-case scenario is that just company passwords and nothing more were impacted during or after the breach, but that results remain to be seen.