Verifone investigating a breach of its internal network

Payment services are safe, apparently.

Verifone, credit and debit card payments company, is apparently investigating a breach of its internal networks according to a new blog post by Krebs on Security. The blog says the breach might have impacted a number of companies running its PoS solutions, but payment services network was left untouched. 

In January, Verifone sent an email to all of its staff and contractors, calling for an urgent change to all company passwords. 

“We are currently investigating an IT control matter in the Verifone environment,” reads an email memo penned by Steve Horan, Verifone Inc.’s senior vice president and chief information officer. “As a precaution, we are taking immediate steps to improve our controls.”

The email also stated that employees were no longer allowed to install any kind of software on corporate computers or laptops.

“In January 2017, Verifone’s information security team saw evidence of a limited cyber intrusion into our corporate network,” Verifone spokesman Andy Payment said. “Our payment services network was not impacted. We immediately began work to determine the type of information targeted and executed appropriate measures in response. We believe today that due to our immediate response, the potential for misuse of information is limited.”

The spokesperson, however, did not want to say how the company learned of the breach, or if the company was notified from someone on the outside. Krebs on Security claims Visa and Mastercard warned them a few days prior. 

Detailed analysis of the case can be found on this link

Image Credit: Balefire / Shutterstock