Moneris

Moneris, operating under its alias and headquartered in Canada, provides merchants with the ability to process credit, debit and prepaid card payments through its secure payment processing systems that handle both in‑person and online transactions. The company maintains detailed records of merchant identifiers, geographic location data and operational logs as part of its routine service delivery and compliance obligations. In addition to standard card processing, Moneris supports legacy gift card programs, retaining the associated cardholder names and postal addresses for transaction reconciliation and reporting. Internal training materials that guide staff on security protocols, system operations and customer service are also stored within the organization’s information environment. By integrating payment authorization, settlement and reporting functions, Moneris enables businesses across various sectors to accept electronic payments while relying on its centralized infrastructure. The organization’s Canadian base situates it within a regulated payments landscape where it must adhere to national data protection and financial industry standards.

On 21 November 2023, Moneris detected an attempted ransomware attack that specifically targeted its information environment but did not succeed in compromising the core secure payment processing systems that handle merchant transactions. The unauthorized access obtained by the attackers included business information such as merchant IDs, location data, operational logs, internal training materials and the names with postal addresses linked to legacy gift card holders. Moneris’s internal cybersecurity team promptly identified the breach, contained the affected systems and initiated a forensic analysis to determine the scope of the data exposure. In response to the incident, the organization engaged external cybersecurity experts to assist with the investigation, validate containment measures and recommend additional security improvements. The collaborative effort led to the implementation of further mitigation steps designed to strengthen detection capabilities, restrict unauthorized access and enhance overall resilience against similar threats. Details of the incident, including the timeline and the organization’s response, were subsequently disclosed in an official news update published on the Moneris website on 25 November 2023.