Cyber Incident Victim: iPay88 Sdn Bhd

iPay88, a payment gateway provider servicing businesses including e-commerce platform Shopee and Apple authorised reseller Machines, publicly disclosed a cybersecurity incident on August 11, 2022. The company stated the event potentially compromised customer card data processed through its systems. While iPay88 did not specify the exact date of initial compromise or the attack methodology, it confirmed implementing containment measures that halted further suspicious activity by July 20, 2022. The breach notification indicated unauthorized access to payment card information, though the scale of impacted transactions or individuals remained undisclosed. No evidence suggested prolonged post-containment data exposure, as monitoring confirmed no additional malicious activity following the July 20 containment milestone.

The company initiated incident response procedures upon detecting the breach, though specific detection methods or initial attack vectors were not detailed in the public statement. iPay88 emphasized the containment's effectiveness in neutralizing the threat but did not disclose whether data exfiltration occurred or if attackers retained accessed information. Impacted entities included merchants and consumers relying on iPay88's payment processing infrastructure, with potential risks centering on payment card fraud. The disclosure acknowledged Shopee and Machines as notable clients but did not clarify whether these platforms experienced direct data exposure. iPay88's public communication focused on the operational containment timeline and data compromise possibility without confirming specific attacker motives or identities.