Apparently the back end systems of Cayan, acquired by TSYS in 2018, were hacked with data stolen and ransomware implanted. The lost data and frozen systems were reported as immaterial by TSYS. While the ability to protect card data is admirable, this hack is unlikely to instill confidence in customers and prospects.
“On December 8, the cybercriminal gang responsible for deploying the Conti ransomware strain (also known as “Ryuk“) published more than 10 gigabytes of data that it claimed to have removed from TSYS’s networks.
Conti is one of several cybercriminal groups that maintains a blog which publishes data stolen from victims in a bid to force the negotiation of ransom payments. The gang claims the data published so far represents just 15 percent of the information it offloaded from TSYS before detonating its ransomware inside the company.
In a written response to requests for comment, TSYS said the attack did not affect systems that handle payment card processing.
“We experienced a ransomware attack involving systems that support certain corporate back office functions of a legacy TSYS merchant business,” TSYS said. “We immediately contained the suspicious activity and the business is operating normally.”
According to Conti, the “legacy” TSYS business unit hit was Cayan, an entity acquired by TSYS in 2018 that enables payments in physical stores and mobile locations, as well as e-commerce.
Conti claims prepaid card data was compromised, but TSYS says this is not the case.
‘Transaction processing is conducted on separate systems, has continued without interruption and no card data was impacted,” the statement continued. “We regret any inconvenience this issue may have caused. This matter is immaterial to the company.’ ”