SmartPay Reported A Massive Breach And Declared Investigation
Eftpos provider SmartPay disclosed that it lost some client data in a recent cyberattack.
Notably, SmartPay reported it first noticed its system was under attack on June 10, with the ransomware spreading to some systems in New Zealand.
Additionally, the firm said it responded swiftly to contain the incident, engaging Cyber CX to assist and notify respective government authorities for support.
SmartPay Initiate Investigation
The firm’s declared it started investigating immediately it noticed the threat. As a result, it verified that threat actors pilfered data about a group of customers in Australia and New Zealand from New Zealand branch systems.
Subsequently, SmartPay revealed that its top priority in its investigation is to figure out the contents and extent of the data the threat actors stole. According to sources, it added that customers do not need to take any action at this point, and it will get in touch with any customers appropriately if they were one of the victims of the attack.
US Government Agencies Suffered a Global Cyberattack
Last week Friday, several US federal government agencies suffered a global cyberattack by Russian cybercriminals that took advantage of a vulnerability in widely used software.
At the moment, CISA is providing support to several federal agencies that have gone through breaches affecting their MOVEit applications.
CISA’s executive assistant director for cybersecurity, Eric Goldstein said in a briefing that they are working urgently to figure out the impact and ensure timely remediation. Aside from key US government agencies, the regulators claimed the attack affected several hundred corporations and institutions in the US.
Among the multiple federal agencies breached in the ongoing global hacking campaign, the Department of Energy was also impacted, a department spokesperson revealed to the source.
In a press conference with the Australian Securities Exchange [pdf], Smartpay highlighted it doesn’t collect or store individual cardholder data when processing clients’ transactions.