A hacker got into the computer systems of electronic payment processing services provider RBS WorldPay, compromising more than a million customers’ records.
Formerly known as RBS Lynk, RBS WorldPay, which claims it has more than 20 years in the business, is the U.S. payment processing arm of The Royal Bank of Scotland Group.
Personal and financial account information of about 1.5 million cardholders and other individuals, and the social security numbers (SSNs) of 1.1 million people, may have been accessed by the hacker, RBS WorldPay said in a statement announcing the break-in on Wednesday.
RBS WorldPay describes the break-in as a highly sophisticated cyber intrusion on its Website. It notified law enforcement agencies and federal regulators after the break-in was discovered on November 10.
Among other things, RBS WorldPay offers pre-paid payroll and gift cards.
So far, about 100 payroll cards, which are reloadable stored value cards companies use to pay their employees’ wages, have been fraudulently used, the company said. These have been deactivated.
In response to the break-in, RBS WorldPay has brought in specialists to beef up its computer system security, according to a source at the firm who requested anonymity.
The company has also begun notifying people who may have been impacted about the incident and providing them a list of actions to take. These include remaining vigilant for up to two years, and reviewing credit reports carefully.
In addition, it is resetting the PIN numbers of its pre-paid payroll cards. Victims whose cards have been fraudulently used will not be held responsible for any charges rung up.