AskCyberSecurity.com

Cyber Security News & Information

AskCyber Home » News » News » Wisepay School Payment Service Attacked – Credit Cards Stolen

Wisepay School Payment Service Attacked – Credit Cards Stolen

by

Wisepay Magecart

Credit Cards Stolen in Magecart Weekend Attack Affecting 300 Schools

Cybercriminals stole payment card numbers in a weekend Magecart attack on Wisepay. The attackers set up a spoof website to trick Wisepay users into entering in payment card information into a fake payment portal.

About 300 schools were impacted by the Wisepay Magecart cyberattack. The company provides a web payment portal to schools so they can collect money for meals, trips, sporting events, and other bookings.

Magecart is a type of malware used to steal credit cards from eCommerce websites. Magecart cyber criminals inject computer code into websites. The malware lives on the website and quietly steals sensitive information including payment cards unbeknownst to the website owner or the website user. Magecart is not associated with anyone hacking group.

The attackers used URL manipulation to send parents from Wisepay to a spoofed payment card processing web page. If the user entered in their credit card information and details on this spoof web page, the payment card information was sent immediately to the hackers.

About Wisepay

Wisepay is an online, web-based payment portal used by schools. It lets parents, students, and others deposit money for students to use at schools for meals and other expenses. The company does not retain any sensitive data like payment card numbers.

Wisepay does not collect and process payment cards on behalf of the schools. The company acts as a gateway between schools and parents and pass along the payment card processing to Sagepay, according to the report in The Register.

The attack began on 2 October and was stopped on 5 October when Wisepay staff noticed it. Attackers often launch cyberattacks on weekends when IT staff is most likely at its lowest. Wisepay took its website offline after they learned about the attack. The website’s ‘down for maintenance’ notice is removed, and the web service is back online now

The UK Information Commissioner’s Office was notified of the data breach incident. Wisepay Is working with a third-party service to investigate the cyber attack.

Read more about Magecart

Wisepay Cyberattack  – How Do I Protect My Money?

People impacted by the Wisepay data breach have already been contacted. If you suspect that

  1. Check your bank for suspicious activity
  2. If you paid by credit card, check your monthly statement for any fraudulent charges
  3. Set up identity theft and fraud alert monitoring to protect your information and money
  4. Check your credit report for any accounts that you do not own
  5. Monitor your credit limits. Sometimes hackers raise credit limits on existing accounts rather than open new ones

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers