Verifone confirms corporate network was hacked

Global payments processor Verifone has confirmed its corporate network was hacked by unknown attackers targeting the company's merchants.

Verifone spokesperson Andy Payment told iTnews the "cyber incident" took place around two months ago, and affected two dozen American service station convenience stores.

The attack was revealed by infosec journalist Brian Krebs, whose report claimed Russian criminals were attempting to gain access to merchant point of sale terminals.

The incident occurred over an unspecified but short period, Payment said. Verifone identified evidence of a cyber intrusion into the company's corporate network in January this year.

"No other merchants were targeted and the integrity of our payment networks and Verifone’s payment terminals remained secure and fully operational," he said.

Verifone has notified Visa, Mastercard, and other credit card and payments card companies of the attack.

Payment said there was no evidence of adverse events, or abuses of data, stemming from the incident. 

The payments processor has now implemented additional security controls across its corporate networks, and has started work to determine "the type of information that may have been targeted", Payment said.

Krebs obtained and posted an email dated 23 January from Verifone chief information officer Steve Horan that asked staffers to change their login passwords within 24 hours.

Horan also removed Verifone staffers' ability to install additional software of their choice on company laptops and desktops. Those who need non-sanctioned applications will have to go through Verifone's IT service desk in the future, Horan said.

Verifone operates in 150 countries worldwide, including Australia, and has 5300 employees.