[BreachExchange] TSYS staff in Belfast and Derry told personal data at risk after ransomware attack

[Inga Goddijn]

https://www.irishnews.com/business/2020/12/22/news/tsys-staff-in-belfast-and-derry-told-personal-data-at-risk-after-ransomware-attack-2167478/

Staff at payments solutions company TSYS in Belfast and Derry have been
told their personal data has likely been compromised after the US-owned
fintech group was targeted in a ransomware attack.

The card processing giant, formerly known as Cayan, first made the move to
the north in 2013.

It was acquired by Total System Services Inc (TSYS) two years ago, and this
year it became part of the Global Payments Inc group.

It employs around 200 people from City Quays 1 in Belfast and Ebrington
Square in Derry, but most staff have been working from home since March.

TSYS has confirmed the attack compromised systems of its “legacy” TSYS
merchant business, understood to relate to the Cayan business.

The company said no data relating to customer card transactions had been
impacted.

TSYS informed its Northern Ireland staff on Wednesday that a ransomware
attack had deleted or encrypted certain files on its systems.

But it said the incident had likely compromised the personal data of its
staff in both Belfast and Derry.

TSYS said the data may include names, addresses, national insurance numbers
and payroll information. But it could also include bank details.

The group said it is not yet aware of any harm caused as a result of the
breach, but said the attackers had made some of the data available on the
internet and threatened to disclose more.

American security journalist Brian Krebs has reported that a cyber criminal
gang known as Conti published 10 gigabytes of data it claimed to have
removed from TSYS’s networks.

Criminal gangs have recently adopted the tactic of partially leaking
sensitive data from companies which refuse to pay for a ransomware
decryption key.

The Irish News understands the attack occurred in mid-November. Staff were
first alerted of a problem towards the end of last month, when they were
unable access the company’s virtual private network (VPN).

They were later asked to unplug all hardware from the internet and told not
to use phone lines for two weeks. They were then instructed to hand back
all computers and laptops to be swapped for new hardware.

Staff were initially briefed about the ransomware attack, but it was last
Wednesday before they were told the breach concerned their own personal
data.

TSYS informed its Belfast and Derry workers it had not been able to
determine exactly what data had been exposed.

The card payments group told The Irish News that it has offered staff
credit monitoring and identity protection services at no cost.

In a statement, TSYS said the ransomware attack hit systems that related to
the functions of its legacy TSYS merchant business.

“We immediately contained the suspicious activity and the business is
operating normally.

“Transaction processing is conducted on separate systems, has continued
without interruption, and no card data was impacted.

“We have provided formal notification to potentially affected team members
in Ireland and offered them credit monitoring and identity protection
services at no cost.

“We regret any inconvenience this issue may have caused. This matter is
immaterial to the company."

TSYS said it had notified the Information Commissioner’s Office of the
attack.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20201222/d0b550ee/attachment.html>