Update on 2009-2010 Data Breaches
Nov 30, 2015
LONDON and MONTREAL (30 November 2015) – Further to the announcement on 29 October 2015 relating to historic personal data breaches, Paysafe Group Plc (LSE AIM: PAYS “Paysafe”, the “Group” or the “Company”), can update on the findings of its investigation, which are as follows:
• The illegally-obtained data in the hands of third parties relates to limited account details from 3.6m NETELLER accounts and basic personal details relating to 4.2m Skrill accounts. Less than 2% of those NETELLER and Skrill accounts were active in the six months to 1 November 2015. Such data does not include passwords, card data or bank account information. Paysafe engaged a major accounting firm as part of its investigation, which has verified these findings.
• The Company believes that this data emanated from the cyber-attacks in 2009 and 2010 and is not aware of any similar breaches since that time.
• The Company is confident that this data will not in itself allow any existing NETELLER or Skrill customer accounts to be accessed.
As previously announced on 29 October 2015, in 2010 the Company’s subsidiary NETELLER was the target of a cyber-attack, which resulted in certain customer information being stolen. NETELLER reported this to the appropriate authorities at the time, and a third-party, independent forensic report was undertaken by a major accounting firm. The recommendations of the report were then followed and security was significantly strengthened with the aim of taking NETELLER beyond the industry standard.
The Company became aware that around 1,500 customers subsequently had their accounts compromised following the 2010 cyber-attack. The Company immediately took action to restore these accounts and all customers were reimbursed. The Company is not aware of any other remimbursal requests related to this incident since 2011.
In 2015, the Company bought Skrill Group. Skrill (then operating as Moneybookers) had experienced a cyber-attack in 2009, which resulted in customer information being stolen. As with NETELLER, Skrill reported the hack to appropriate authorities at the time. A third-party, independent forensic report was undertaken by a major accounting firm. The recommendations of this report were then followed and security was also significantly strengthened.
The Group’s executive management team, IT leadership and security protocols and standards have changed considerably since the breaches more than five years ago. The significant investment made to cybersecurity in recent years will continue into the future as Paysafe works to ensure it has the appropriate systems in place to defend against cybersecurity threats.
Paysafe Group Plc (formerly Optimal Payments Plc) is a global provider of online payment solutions, trusted by businesses and consumers in over 200 countries and territories to move and manage billions of dollars each year. Merchants use Paysafe's services and gateway platforms and innovative prepaid products and solutions to simplify how they accept credit and debit card, direct‑from‑bank, and alternative and local payments; while Paysafe's NETELLER®, Skrill® and paysafecard® services are used by merchants to increase revenues and capture new customers. Consumers use the multilingual and multicurrency NETELLER, Net+® Card, Skrill and Skrill Card stored-value offerings and the paysafecard prepaid solutions to make secure and convenient payments and payolution® for their invoices and instalment payments. Paysafe also supports a wide variety of prepaid programmes - from white-label prepaid cards to bespoke solutions.