Eftpos Provider Smartpay Suffers Ransomware Attack
Sunday, 18 June 2023
Eftpos provider Smartpay has stated that criminals have stolen customer data in a ransomware attack last week. Despite customer data being compromised, Smartpay remains confident that no credit card data was harvested. The firm is directly contacting customers affected by the breach.
"On Saturday, 10 June 2023, Smartpay discovered that it was experiencing a ransomware cyber incident affecting some systems in New Zealand. In response to this incident, Smartpay took immediate steps to contain the incident, engaged cyber security specialists, CyberCX, and are working with the relevant government authorities," reads a statement written by Smartpay.
The statement continued, mentioning that "On Friday, 16 June 2023, our ongoing investigation confirmed that criminals have stolen information pertaining to a group of customers in Australia and New Zealand from our New Zealand systems. Understanding the contents and extent of that data theft is now the highest priority of our investigation."
A Smartpay spokesman declined to comment on the ransom amount being demanded, and also refused to state whether or not negotiations were taking place. The full list of customers affected was still being determined at the time the comment was made.
This incident is part of a renewed wave of cyber attacks on New Zealand businesses. In March, a different Eftpos provider, Windcave, was a victim of a cyber attack. Shortly following, a separate attack in March saw Latitude Financial expose the private information of 8 million individuals across New Zealand and Australia. Plus earlier this month the IT supplier for Fire and Emergency New Zealand was hit by a cyberattack.
"Ransomware attacks are disruptive, cause an economic hit, result in individuals' information being exposed, and can even put lives at risk," Emsisoft threat analyst Brett Callow stated on Friday. "And, unfortunately, we seem to have made very little headway in tackling the problem. When I say ‘we’, I really mean governments worldwide."
"Ransomware is far too profitable to simply go away, and we need new strategies including, in my opinion, placing more restrictions on the circumstances in which companies are permitted to pay. At the end of the day, attacks happen for one reason and one reason only: money. Reduce the money, and you’ll reduce the volume of attacks."