SAN JOSE, Calif. — Verifone Inc. is investigating a breach of its internal computer networks that has allegedly impacted multiple companies using the credit and debit card payments company's point-of-sale solutions.
Verifone stated that the breach was limited to its corporate network and that its payment services network was not impacted, reported Krebs On Security.
On Jan. 23, Verifone sent an email to all company staff and contractors notifying them that they had 24 hours to change all company passwords.
"We are currently investigating an IT control matter in the Verifone environment," wrote Steve Horan, senior vice president and chief information officer for Verifone. "As a precaution, we are taking immediate steps to improve our controls."
Later, Verifone spokesman Andy Payment stated that Verifone saw evidence of intrusion in a "limited portion" of its internal network, but that this never impacted the payment services network.
"In January 2017, Verifone's information security team saw evidence of a limited cyber intrusion into our corporate network," Payment said. "Our payment services network was not impacted. We immediately began work to determine the type of information targeted and executed appropriate measures in response. We believe today that due to our immediate response, the potential for misuse of information is limited."
The breach affected a customer support unit based in Clearwater, Fla., that provides comprehensive payment solutions to gas stations throughout the United States, including pay-at-the-pump credit card processing, cash registers inside the store, customer loyalty programs and remote technical support, according to the report.
Krebs stated that a source claimed that Verifone shared evidence with Visa and MasterCard that a Russian hacking group that targets payment providers and hospitality firms had intruded on its internal network.
"According to the forensic information to-date, the cyber attempt was limited to controllers at approximately two dozen gas stations, and occurred over a short time frame," Payment said in an update to Verifone's initial statement. "We believe that no other merchants were targeted and the integrity of our networks and merchants' payment terminals remain secure and fully operational."
Sources told the news outlet that Verifone has commissioned an investigation of the breach from Foregenix Ltd., a United Kingdom-based digital forensics firm.