Verifone Falls to the Empire

Et tu, Verifone?

The payments giant is the latest high-profile target of a breach, according to Brian Krebs. It's a turn of events that makes me long for the old days, before the bad times. Before the great ones seemed to fall regularly to the stabbing knives of hackers. 

To put it in perspective, Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis and fuel stations. On Jan. 23, 2017, Verifone sent an “urgent” email to all company staff and contractors, warning they had 24 hours to change all company passwords.

It then came out that it’s investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions, according to Kreb’s sources. Verifone though says the extent of the breach was limited to its corporate network and that its payment services network was not impacted.

“In January 2017, Verifone’s information security team saw evidence of a limited cyber intrusion into our corporate network,” Verifone spokesman Andy Payment told Krebs. “Our payment services network was not impacted. We immediately began work to determine the type of information targeted and executed appropriate measures in response. We believe today that due to our immediate response, the potential for misuse of information is limited.”

And can I take a moment to point out that Verifone’s spokesperson is named Payment?? Was that intentional? It is a nom du guerre? A happy coincidence? A matter of fate?

At any rate, John Gunn, CMO, VASCO Data Security, told us, C3PO-like, that the situation, whatever the facts here end up being, is that we’re all basically doomed.

"Breaches will remain a permanent part of our 21st century existence and hackers will maintain an advantage,” he said, cheerily. “They constantly probe for weaknesses in access controls, authentication methods, and other areas so that they can launch focused attacks using all of their means against specific weaknesses while the good guys are forced to spread their resources across a seemingly limitless number of potential vulnerabilities."

What’s Hot on Infosecurity Magazine?