WisePay’s website was hacked by the Cybercriminals between October 2-5. It is an online payment service provider that gives parents and guardians access and control to allow them to pay to the school on behalf of the students. Had estimated that there were a total of 300 schools affected, but the firm assumed that only a few parents had used the system before it went offline.
As per WisePay’s managing director, Mr. Richard Grazier, the attack occurred on Friday night and was brought to their attention until Monday morning at 10:00 BST, and the site since has been down.
Cybercriminals were able to utilize a backdoor on WisePay’s database and modified one page. A malicious link was added to the website that had the site visitor enter their credit card credentials on the fake payment page monitored by the hacker.
The Hampshire-based company had an “outage” advisory on their website as their preemptive measure to obstruct the Cybercriminals in manipulating the URL of the said online payment system.
It has been explained by WisePay that the malicious activity was done to the site’s Sagepay page to capture Credit card details and insisted that they do not hold their customer’s card information.
They confirmed that they have informed the UK Information Commissioner’s Office about the breach and have since worked alongside a Cyber Forensic Agency to have a further investigation about the attack.
Monk’s Walk School, which is a WisePay customer, advised Parents via a Facebook post who used WisePay between October 2-5 to take sensible precautions to check and be wary of suspicious activities on their online banking.
Founded in 1996, WisePay is a supplier of flexible payment, booking, and communication services for education in the UK.
The affected individuals on this breach will be identified and contacted by WisePay. As of writing, WisePay’s official website is back online.
A financial organization that aims at the educational sector, WisePay, can be considered a gold mine for cybercriminals as they hold highly sensitive information.
iZOOlogic’s Dark Web Monitoring services are to go after the Cybercriminals’ leaked traces, possibly selling the illegally acquired information in the Dark Web.
