14 DAY TRIAL // Jacksonville-based payment processor Fidelity National Information Services (FIS) suffered a security breach earlier this year that resulted in cyber thieves stealing $13 million.
FIS revealed in its earnings statement for the first quarter of 2011 that it suffered an intrusion on its eFunds Prepaid Solutions platform back in May.
"The Company has identified that 7,170 prepaid accounts may have been at risk and that three individual cardholders’ non-public information may have been disclosed as a result of the unauthorized activities," the payment processor said at the time.
However, KrebsOnSecurity cites unnamed sources close to the investigation who claim the incident had far more serious consequences.
According to them, hackers managed to break into the eFunds platform and modify the balances and daily withdraw limits of 22 prepaid cards.
They then distributed cloned versions of the cards to co-conspirators in major cities across Greece, Russia, Spain, Sweden, Ukraine and the United Kingdom.
During the weekend of March 5, 2011, the thieves managed to withdraw $13 million through an international network of money mules.
Because the heist happened outside of business hours, the hackers were able to artificially refill the balances of the prepaid cards repeatedly without being detected.
The company hasn't yet confirmed the this story, but if it is true, the heist is highly similar to the 2008 attack against RBS WorldPay.
It that case, hackers with access to the company's network upped the balances of 44 prepaid cards and removed their withdraw limits. Over $9 million were then withdrawn within a 24-hour window using cloned versions of the cards from 2,100 ATMs located in 280 cities around the world.
The RBS WorldPay cyber heist was one of the most sophisticated and well-planned in history. Several hackers and money mules were arrested in Russia and Estonia in connection with the attack.
The alleged mastermind, Sergei Tsurikov of Estonia, was extradited to the United States to face criminal charges. Two Russian accomplices were tried in their native country and only received suspended prison sentences.