UK hackers demand ransom from Visa

Credit card firm Visa has been hit by a ransom demand by an individual claiming to represent a group of malicious British hackers. Visa would not confirm how much the demand amounts to, although a report in The Sunday Times suggests the figure is £10m.

The company issued a statement to ZDNet News Monday morning admitting that "an outside party" had gained access to a "non-critical" area of its computer systems in early December.

The statement says the situation was dealt with swiftly and efficiently: "Visa's response plan worked exactly as it should have. We promptly detected the attack, hardened the systems, and worked with the authorities to help identify the suspect. We are continuing to co-operate with the authorities to bring the legal aspects of the matter to a conclusion."

The company says that to its knowledge, no sensitive information was ever compromised. It adds, "This outside party did not gain access to any of Visa's core transaction processing systems, nor do we have any evidence that they took possession of any important information."

The Sunday Times suggests that James Grant, who works for a computer company in Hopeman Scotland, has been contacted by police in connection with the case and has had computer equipment seized by investigators. It is believed that Grant has a legal agreement with Visa not to discuss the situation publicly.

Scotland Yard's Computer Crime Unit confirmed Monday that there is an ongoing investigation into the ransom demands but refused to give details: "The Metropolitan police service is investigating allegations under the Computer Misuse Act 1990. No arrests have been made and inquiries are ongoing," the Yard said in a statement.

According to the Sunday Times, at least 12 other corporations may be attacked in the same way. The Sunday Times also says that the police suspect that an illicit hacking team believed to be involved may have hired their services out to parts of the organised criminal underworld. A spokeswoman for the police Computer Crime Unit told ZDNet, "It is too early to speculate about the details at this stage of the investigation."

News of this security scandal comes just a week after US-based e-commerce company eUniverse revealed that a malevolent hacker had managed to seize credit-card details of 300,000 of its customers before openly publishing them on the Internet.

Visa conducts more than £1 trillion credit card transactions each year and the loss of one day's business could cost the company many millions of pounds.

What do you think? Tell the Mailroom. And read what others have said.

Take me to Hackers