Tens of thousands of Swiss credit card statements are accessible online

Between June 2021 and November 2022, monthly statements of tens of thousands of business customers were accessible over the internet due to a security breach. According to Viseca, the damage is minimal.

Tens of thousands of Swiss credit card statements were openly accessible on the Internet for a long time, the online magazine “Republik” revealed Monday.

Swiss IT security company Pentagrid stumbled upon the server vulnerability at credit card company Viseca by accident, according to the report. The vulnerability made it possible to access other people's data simply by changing an internet address (URL).

“Every internet user could access the data ‘from the outside’ thanks to knowledge of the URL and did not need any technical knowledge or a login.”

Potentially affected: tens of thousands of small and medium-sized businesses (SMEs) that have a Mastercard or Visa credit card with Viseca and are billed through their bank.

“Republik” writes:

“The information found was highly confidential. The invoices stated which companies bought what, when and where, or in which cloud they stored their data. If someone had downloaded the data from the internet en masse, some of the companies’ business relationships could be completely reconstructed.”

Owned by the banks

Viseca is owned by the largest Swiss cantonal and retail banks. This includes all cantonal banks, the Raiffeisen Group, Entris Banking, Migros Bank, Bank Cler, regional banks, as well as private and commercial banks.

In response to an inquiry from Watson, Viseca spokesperson Nicolas Kucera confirmed that the IT vulnerability had existed for 17 months. However, “no indications of improper access” were found, neither in the server logs nor through Darknet monitoring.

The vulnerability was closed within a week in November 2022 (after being reported by Pentagrid).

The conclusion of “Republik”:

“Viseca got off with a black eye. On the one hand, because apparently no abuse has been made of the vulnerability. On the other hand, because no body feels responsible for the case and there are therefore no threats of sanctions.”

What is likely to annoy some customers: most are only finding out about the security incident through the reports. Viseca and the banks had refrained from informing all those potentially affected themselves.

Sources

  • republic.ch: Tens of thousands of Swiss credit card statements freely available on the Internet
  • pentagrid.nl: Credit card statement disclosure of vulnerability in Viseca’s eXpense portal

(dsc)

Source: Watson


I'm Ella Sammie, author specializing in the Technology sector. I have been writing for 24 Instatnt News since 2020, and am passionate about staying up to date with the latest developments in this ever-changing industry.
