RBS WorldPay data breach puts 1.5 million cardholders at risk

Graham Cluley
Graham Cluley
@[email protected]

RBS Worldpay, the electronic payment service, has admitted that hackers have broken into its systems and may have accessed the personal information of some 1.5 million cardholders and other individuals. Of these, some 1.1 million people may have had their social security numbers compromised by the hackers.

According to reports, the company informed law enforcement agencies and federal regulators of the incident on 10 November, but it waited until 23 December before issuing a press release and publishing advice to affected customers on its website.

I’m sure that if it had been my confidential information that might have been compromised that I would want to know about it as soon as possible, and I can’t help but think that making a public statement just before a major holiday may fulfil regulatory requirements but may “bury” the bad news from reporters.

Sign up to our free newsletter.
Security news, advice, and tips.

RBS Worldpay is keen to stress that only 100 payroll cards have been used in a fraudulent manner so far, and that they have all been deactivated.

Of course, this isn’t the first time that Worldpay has suffered at the hands of hackers. In 2003 and 2004 the internet payment service was bombarded with distributed denial-of-service attacks that clogged its systems and seriously affected its ability to operate.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.