Sunday, June 13, 2021
Wisepay: a school payment service targeted by a cyber-attack

Parents who have made payments to UK schools via the Wisepay programme in recent days have been alerted that their card details have been compromised.

Wisepay said that the hack of its website meant that the attacker was able to collect payment details between 2 and 5 October via a spoof page.

Attempted payments to about 300 schools have been hit by the scam.

Yet the company said that only a limited percentage of pupils’ parents would have used the system before it was taken offline.

Its managing director said this was because the kind of cashless payments made, including exam fees and school meals, would not be made on a daily basis.

“Right now, it’s quite a small subset of platform users,” said Richard Grazier.

The attack occurred on Friday night and was not observed until 10:00 BST on the following Monday morning.

The website of Wisepay was taken down at that point, Mr Grazier said.

It had since come back online and was now safe to use, he said.

Mr Grazier said the hacker had managed to find a “backdoor” into the system’s database and had modified one page.

As a result, whenever users clicked to make a payment, they were redirected to an external page controlled by the attacker.

This was “spoofed” to appear like a legitimate payment page, but everyone who entered their debit or credit card details was effectively sending them to the cyber-criminal.
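The redirect described above depends on one stored page pointing the payment link at an outside host. As an added example (not Wisepay's code and not part of the original article), this Python check lists every link, form, script, iframe and meta-refresh target in a page whose host is not on an allowlist; the site origin, hostnames and sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed names: the site origin and the hosts a payment flow may legitimately use.
SITE = "https://payments.school-example.test/"
ALLOWED_HOSTS = {"payments.school-example.test", "gateway.psp-example.test"}
# Attributes that can send a browser (and card data) to another origin.
URL_ATTRS = {"a": "href", "form": "action", "script": "src", "iframe": "src"}

# Constructed sample pages (not taken from the incident).
CLEAN_PAGE = ('<a href="/pay/start">Make a payment</a>'
              '<form action="https://gateway.psp-example.test/charge"></form>')
TAMPERED_PAGE = ('<a href="https://pay-portal.attacker-example.test/checkout">'
                 'Make a payment</a><script src="/static/app.js"></script>')


class OutboundTargets(HTMLParser):
    """Collect every navigation, form-post and script target in a page."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(URL_ATTRS.get(tag, ""))
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            # content="0; url=https://..." redirects without any click
            _, _, url = (attrs.get("content") or "").partition("=")
        if url:
            # Resolve relative URLs against the site so they count as on-site.
            self.targets.append((tag, urljoin(SITE, url.strip())))


def off_site_targets(html):
    """Return (tag, url) pairs that lead to an http(s) host outside ALLOWED_HOSTS."""
    parser = OutboundTargets()
    parser.feed(html)
    return [(tag, url) for tag, url in parser.targets
            if urlsplit(url).scheme in ("http", "https")
            and urlsplit(url).hostname not in ALLOWED_HOSTS]


if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("tampered", TAMPERED_PAGE)):
        print(name, off_site_targets(page))
```

Run against the rendered payment pages on a schedule, a non-empty result is a signal to take the page offline and investigate before further payments are attempted.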

It’s early days, but it seems that Wisepay may have been the target of a credit card skimming attack often referred to as a Magecart hack.

Attackers did not break into any databases to steal the details; they took over the live payment page.

So if I paid for a service at my son’s school during the time the hackers were in control of that page, they would have access to all my credit card details when I entered the system.

These attacks never last for a long time, since hackers are usually found fairly easily and kicked out of the system. Cybercriminals would also choose targets with highly active payment systems. As an organisation offering payment services to multiple schools and colleges, Wisepay may have become a worthy target.

Investigators, including the Information Commissioner’s Office, will also attempt to figure out how many customers lost their credit card information in the three days after the attack.

Larger Magecart hacks have proved to be extremely successful for attackers. In 2018, about 400,000 consumers had their credit card details stolen when the British Airways website was similarly compromised for around 15 days.

In that case, the ICO said that it intends to fine BA a record £183m, but this is yet to be concluded.

Wisepay said that it did not keep any payment details itself and that none of its own records had been leaked.

However, in a letter to the school, it recommended that parents who felt they could be affected should pause or cancel their bank cards and change any online banking passwords.

The Information Commissioner said that Wisepay had notified it of a “possible breach of data and we will carry out further enquiries.”

The company also said that it had contacted the police and had “engaged a computer forensic expert” whose work was ongoing.

Khushbu Soni
Chief Editor - CIO News | Founder & CEO - Mercadeo
