Systems East, a New York-based e-payments provider, has been hit by a cyberattack. The perpetrators stole encrypted databases with user payment card data.
The company noticed unauthorized activity in its systems on August 25th. According to System East’s breach notification letter sent to affected individuals, the breach was “temporary.” However, attackers did get their hands on a trove of data.
“In response, we undertook a review of what occurred and identified that an unknown individual copied an encrypted database file that contained your name and payment card information. We cannot confirm whether the unknown individual could decrypt that information,” the company said.
The information that Systems East submitted to the Maine Attorney General indicates that 209,328 individuals were affected by the cyberattack.
Losing PII poses significant risks to affected people, as impersonators can use the stolen data for identity theft. Sensitive personal data and stolen payment cards can also be used to make fraudulent payments.
Systems East stressed that the stolen database did not contain additional information required to process a payment card transaction, such as “address or contact information, card verification value or security code, or magnetic stripe data.”
Trading in illegal payment card numbers can be a profitable affair for threat actors. For example, research shows that the price of American payment card details on the dark web varies from $1 to $12.
More from Cybernews:
Subscribe to our newsletter