Cyber Incident Victim: Wisepay
Date:
Oct 2020
Location:
United Kingdom
Summary
A UK school meal payments provider experienced a cyber attack involving URL manipulation attempts to steal customer card details, prompting the company to proactively take its website offline under the guise of maintenance. The incident disrupted payment services for parents attempting to top up pupil accounts and purchase school items, leading some affiliated schools to suggest alternative payment methods during the outage. Wisepay clarified that no card information was stored on its systems and collaborated with cyber forensic agencies to address the breach, anticipating service restoration within hours while advising customers to monitor for suspicious banking activity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around October 2, 2020, UK-based school meal payments provider Wisepay detected an active cyber intrusion targeting its systems. The attacker attempted URL manipulation to spoof the company’s card payment page, aiming to intercept customer payment details. Wisepay responded by deliberately taking its website offline on October 7, publicly describing the disruption as routine "maintenance." This action caused immediate operational impacts, preventing parents from topping up student meal accounts or purchasing school-related items through the platform. Affected institutions included Monk’s Walk School in Hertfordshire, which advised parents to use alternative payment methods such as cash or checks during the outage. The company’s decision to withhold initial public disclosure of the attack reflected a containment strategy to prevent alerting the intruder while mitigation efforts were underway.
Wisepay later confirmed the outage was a preemptive measure to disrupt the attacker’s activities and emphasized it did not store cardholder data, limiting direct financial exposure. The firm collaborated with cybersecurity forensic specialists to investigate the incident and secure its systems. Service restoration was anticipated between 4:00 and 5:00 PM UTC on October 7. Parents were advised to monitor bank statements for unauthorized transactions as a precaution. The incident occurred amid heightened cybersecurity threats to educational services, with the UK’s National Cyber Security Centre (NCSC) having previously issued warnings about ransomware and other attacks targeting schools. No confirmed data breaches or financial losses were reported by Wisepay at the time of disclosure.