Parents Using School Payment Service Have Card Details Compromised

UK school payment service Wisepay has revealed that the card details of parents who made transactions on its site between October 2 and 5 have been compromised.

This was after Wisepay’s website was hacked, resulting in an attacker harvesting payment details via a spoof page. The attack begun on the evening of Friday October 2 and was not noticed until the following Monday morning at 10.00am.

The company, which is “a secure online school payments service, allowing parents and guardians to make cashless payments to their school or college” ranging from exam fees to school meals, temporarily took its site offline in response.

Quoted by the BBC, Wisepay’s managing director Richard Grazier said the site has since come back online and is safe to use. While attempted payments to around 300 schools are believed to have been affected by the attack, Grazier added that “it’s quite a small subset of users of the platform” because the kinds of cashless payments made are not conducted on a daily basis.

Those affected will be identified and contacted by Wisepay.

Commenting on the story, Miles Tappin, VP of EMEA at ThreatConnect said: “The threat landscape for any organization is massive and finding gaps in security is simply a cat and mouse game for hackers. When it comes to financial organizations, they are seen as a lucrative target as they hold highly sensitive information and have a mandate to protect the personal information of their customers. With WisePay being a financial organization aimed at the education sector, this proved to be a gold mine for hackers.

“No company is immune from the dangers of being compromised. It’s essential that any potential target understands as much as they can about the threats they face and the tools needed to ensure they remain secure. Organizations must prioritise knowing where adversaries are, the tools and techniques they use, and what information adversaries think are most valuable.”