Staysure – stolen credit card data of more than 93,000 customers

The UK based Insurance company Staysure has suffered a massive data breach,  stolen credit card data of more than 93,000 customers.

The UK-based Insurance company Staysure has suffered a massive data breach,  the company admitted that its servers were compromised and sensitive financial data of more than 93,000 customers have been stolen.

This means that around seven percent of the customers of Staysure might be impacted, for this reason the company gave them a warning and suggested to carefully monitor their banking accounts.

 

Staysure is offering punters credit company Experian’s credit monitoring service Data Patrol, and it said that a fraud resolution service is also available via telephone.

“In December 2013 we wrote to a group of our customers to tell them that our systems suffered a cyber attack during the second half of October 2013,” “In that attack, encrypted payment card details of customers who purchased insurance from us before May 2012 were stolen, along with CVV details and customer names and addresses. From May 2012 we ceased to store this data.” wrote CEO Ryan Howsam in a blog post.”

Staysure discovered the data breach on November 14 and promptly informed the card issuing bodies and The Financial Conduct Authority, the Information Commissioner’s Office and Law Enforcement.

The credit card details stolen by cyber criminals were encrypted but no news was revealed on the algorithm used by the company, the only certainty is that CVV numbers were in the clear text.

It must be considered that stolen credit card data are precious commodities in the underground market, numerous forums offer them and all the necessary for credit card scams, including anonymizing services, plastics and card number validators. The revelation on the attacks arrive a few weeks after the clamorous data breach to the US  retailer Target.

Staysure company has immediately removed the systems and the applications exploited by the attackers, to avoid further damage to its customers.

“Now any affected customers are being given free access to an identity monitoring service. The company has hired an Independent forensic data experts to fully ascertain the problem. ” states the official security advisory.

As usual if users discover any suspicious activity on their accounts it is indispensable to immediately report to law enforcement and financial institutions, timely action can prevent serious consequences.

Pierluigi Paganini

(Security Affairs –  Staysure, stolen credit card data)