Tens of thousands of Swiss credit card statements are accessible online

Tens of thousands of Swiss credit card statements were openly accessible on the Internet for a long time, the online magazine “Republik” revealed Monday.

Swiss IT security company Pentagrid accidentally stumbled upon a corresponding server vulnerability at credit card company Viseca, according to research. This vulnerability made it possible to access the foreign data simply by changing an internet address (URL).

Potentially Affected: Tens of thousands of small and medium-sized businesses (SMEs) who have a Mastercard or Visa credit card with Viseca and bill through their bank.

The Republic writes:

Owned by the banks

Viseca is owned by the largest Swiss cantonal and retail banks. This includes all cantonal banks, the Raiffeisen Group, Entris Banking, Migros Bank, Bank Cler, regional banks, as well as private and commercial banks.

At Watson’s request, Viseca spokesperson Nicolas Kucera confirmed that a corresponding IT vulnerability had existed for 17 months. However, “no indications of improper access” were found – neither in the server logs nor through Darknet monitoring.

The vulnerability was closed within a week in November 2022 (after being reported by Pentagrid).

The conclusion of the “Republic”:

What is likely to annoy some customers: most only find out about the security incident through the reports: Viseca and the banks had refrained from informing all potentially affected themselves.

Sources

(dsc)