Following hot on the heels of the Heartland Payments Systems data breach, which compromised nearly every payment card in America, news broke yesterday on New York's Fox 5 that RBS WorldPay not only had the data hacked for around 1.5 million payroll and gift cards back on December 23rd, but also that the mag stripe and other information must have been gained as well.
Shortly after midnight Eastern Time on November 8th, a co-ordinated global attack took place in thirty minutes withdrawing $9 million from ATMs by lifting the limits on each card:
More than 130 ATMs in 49 cities from Moscow to Atlanta were hit simultaneously.
It is interesting that this is a bit worse than the RBS press release made out back in December:
"RBS WorldPay (formerly RBS Lynk), the U.S. payment processing arm of The Royal Bank of Scotland Group, today announced that its computer system had been improperly accessed by an unauthorized party.
RBS WorldPay has urgently taken a number of important steps to mitigate risk in response to this situation. The issue, which affected pre-paid cardholders and other individuals, was identified on November 10 and law enforcement agencies and federal regulators were notified by RBS WorldPay shortly thereafter …
"Actual fraud has been committed on approximately 100 cards. Cardholders will not be responsible for unauthorized activity associated with this event. Certain personal information of approximately 1.5 million cardholders and other individuals may have been affected and, of this group, Social Security numbers of 1.1 million people may have been accessed."
100 cards, 130 ATMs, 49 cities, $9 million.
Although using mules to get cash across different countries is not unusual, the code breaking on gift and payroll cards to lift the card limits is more unusual.
And it's more bad news for RBS after their Chairman, Sir Tom McKillop, stepped down early yesterday after disappointing shareholders over his poor management of Sir Fred Goodwin.