TSYS staff in Belfast and Derry told personal data at risk after ransomware attack

Staff at TSYS in Belfast and Derry have been informed their personal data may have been compromised by cyber criminals.
Staff at TSYS in Belfast and Derry have been informed their personal data may have been compromised by cyber criminals.

STAFF at payments solutions company TSYS in Belfast and Derry have been told their personal data has likely been compromised after the US-owned fintech group was targeted in a ransomware attack.

The card processing giant, formerly known as Cayan, first made the move to the north in 2013.

It was acquired by Total System Services Inc (TSYS) two years ago, and this year it became part of the Global Payments Inc group.

It employs around 200 people from City Quays 1 in Belfast and Ebrington Square in Derry, but most staff have been working from home since March.

TSYS has confirmed the attack compromised systems of its “legacy” TSYS merchant business, understood to relate to the Cayan business.

The company said no data relating to customer card transactions had been impacted.

TSYS informed its Northern Ireland staff on Wednesday that a ransomware attack had deleted or encrypted certain files on its systems.

But it said the incident had likely compromised the personal data of its staff in both Belfast and Derry.

TSYS said the data may include names, addresses, national insurance numbers and payroll information. But it could also include bank details.

The group said it is not yet aware of any harm caused as a result of the breach, but said the attackers had made some of the data available on the internet and threatened to disclose more.

American security journalist Brian Krebs has reported that a cyber criminal gang known as Conti published 10 gigabytes of data it claimed to have removed from TSYS’s networks.

Criminal gangs have recently adopted the tactic of partially leaking sensitive data from companies which refuse to pay for a ransomware decryption key.

The Irish News understands the attack occurred in mid-November. Staff were first alerted of a problem towards the end of last month, when they were unable access the company’s virtual private network (VPN).

They were later asked to unplug all hardware from the internet and told not to use phone lines for two weeks. They were then instructed to hand back all computers and laptops to be swapped for new hardware.

Staff were initially briefed about the ransomware attack, but it was last Wednesday before they were told the breach concerned their own personal data.

TSYS informed its Belfast and Derry workers it had not been able to determine exactly what data had been exposed.

The card payments group told The Irish News that it has offered staff credit monitoring and identity protection services at no cost.

In a statement, TSYS said the ransomware attack hit systems that related to the functions of its legacy TSYS merchant business.

“We immediately contained the suspicious activity and the business is operating normally.

“Transaction processing is conducted on separate systems, has continued without interruption, and no card data was impacted.

“We have provided formal notification to potentially affected team members in Ireland and offered them credit monitoring and identity protection services at no cost.

“We regret any inconvenience this issue may have caused. This matter is immaterial to the company."

TSYS said it had notified the Information Commissioner’s Office of the attack.