Paysafe confirms 7.8m accounts breached in data leak

Payment firm says it will continue to invest in cybersecurity to safeguard against future attacks 

The Paysafe Group has confirmed 7.8 million accounts were subject to a data breach leading to customer financial information being leaked into the public domain. [private]

The payment processing giant, formerly known as Optimal Payments, said 3.6 million NETELLER accounts were breached while 4.2 million Skrill – which Optimal acquired earlier this year – accounts were also hacked.

Paysafe said of those accounts only 2% were active in the six months to 1 November 2015, and that leaked data did not include passwords, card details or bank account information.

The firm said it was investigating an alleged data leak back in October, and engaged a major accounting firm to assist with the probe and to verify its findings.

The data leak is believed to have emanated from cyber-attacks in 2009 and 2010, and Paysafe said it was not aware of any additional leaks since that time.

At the time, the leaks were subject to an independent forensic investigation from major accounting firms, which found the NETELLER breach contained no evidence it was “material”.

But in its latest update Paysafe said the attack had led to around 1,500 accounts being compromised but the firm had immediately taken action to restore the accounts and reimburse customers.

The historic investigation into Skrill was unable to conclude if the breach was material, but Paysafe said in both cases, to its knowledge, no customers suffered any financial loss.

Following the attacks, Paysafe said its management team, IT leadership and security protocols and standards had changed “considerably” in the last five years.

“The significant investment made to cybersecurity in recent years will continue into the future as Paysafe works to ensure it has the appropriate systems in place to defend against threats,” it added.