Cyber Incident Victim: Moneris

Date: Nov 2023

Location: Canada

Summary

Moneris experienced an attempted ransomware attack that did not compromise its secure payment processing systems. The incident involved unauthorized access to business information including merchant IDs, location data, operational logs, internal training materials, and names with postal addresses associated with legacy gift cards. The organization's cybersecurity team rapidly identified and contained the breach while collaborating with external experts to analyze the impacted data and implement mitigation measures.

Description

Moneris, Canada's largest payment processor, experienced an attempted ransomware attack disclosed in a November 25, 2023 update following an initial November 21 statement. The company confirmed its payment processing environments remained secure and operational throughout the incident, with no disruption to transactional systems. Their cybersecurity team detected the intrusion promptly, implementing containment measures to limit the attack's scope. Investigation revealed unauthorized access to internal business data repositories, though critical payment infrastructure was isolated from compromise. The breach exposed non-financial operational information including Merchant IDs associated with business clients, physical merchant location data, system issue logs documenting technical operations, and internal training materials used for employee education. Additionally, legacy gift card systems containing customer names and postal addresses were accessed, though active payment card data and real-time transaction systems weren't impacted.

Moneris engaged third-party cybersecurity experts to conduct forensic analysis and assess the full extent of data exposure following containment. The attackers exfiltrated and publicly released portions of the accessed business records, though the company didn't confirm whether ransomware was deployed successfully or if data encryption occurred. Mitigation efforts focused on analyzing the compromised datasets to identify affected merchants and individuals for notification, while reinforcing existing security protocols. No operational downtime or service interruptions resulted from the attack, with Moneris maintaining normal payment processing throughput. The incident highlighted exposure of historical business records rather than active financial systems, with compromised data categories suggesting infiltration of internal corporate networks separate from payment infrastructure. Moneris reiterated its prioritization of cybersecurity and customer data protection throughout its response communications.
