Želimo vas obvestiti, da so bile spletne strani znamke Intersport za Slovenijo, Hrvaško, Srbijo, Bosno in Hercegovino ter Črno goro predmet zlonamernega kibernetskega napada.
V napadu hekerjev je bila na omenjenih spletnih straneh nameščena koda, katere namen je bil skenirati podatke plačilnih ali bančnih kartic. V Intersportu smo ob zaznavi reagirali takoj in nemudoma odstranili sumljivo kodo.
Hekerji niso uspeli prestreči nobene informacije s plačilnih ali bančnih kartic, saj se spletna plačila procesirajo preko neodvisne plačilne platforme WPSPay, kjer zlonamerna koda ni bila nameščena.
Emir Dizdarević, direktor WSPay, je izjavil: »Kot ponudniki plačilnih storitev za skupino Intersport lahko potrdimo, da so bili vsi podatki plačilnih ali bančnih kartic, vneseni preko WSPay, zavarovani in niso bili žrtve kibernetskega napada.« WSPay uporablja metode, ki so v skladu s strogimi določbami pravilnika PCI DSS L1, ki zagotavlja varen vnos in prenos podatkov plačilnih ali bančnih kartic in tudi ostalih podatkov, ki so bili vneseni v obrazec WSPay.
Optiweb, parterska organizacjia skupine Intersport, ki je zadolžena za razvoj in vzdrževanje spletnih strani skupine Intersport, je temeljito pregledala in diagnosticirala napad. Miha Lavtar, direktor podjetja Optiweb, je izjavil: »Glede na dnevnik dogodkov in na omejeni dostop do uporabniških imen lahko sklepamo, da napadalci niso mogli pridobiti nobenih podatkov s plačilnih ali bančnih kartic ali osebnih podatkov kupcev skupine Intersport.
Situacijo budno spremljamo in hkrati v sodelovanju s podjetjem Optiweb in njihovi partnerji, ki skrbijo za infrastrukturo strežnikov, uvajamo dodatne preventivne varnostne ukrepe. Spletno nakupovanje preko vseh spletnih strani Intersporta še naprej ostaja varno.
Press statement
We would like to inform you that Intersport has recently witnessed a malicious attack on Intersport websites in the region, specifically in Slovenia, Croatia, Serbia, Bosnia and Hercegovina and Montenegro.
In this hacking attack, a code was installed on our websites with purpose to scan payment card data. Intersport reacted immediately upon discovery and the suspicious code was removed.
No payment card information were intercepted, as online card payments are processed through independent WSPay payment platform, which was not affected by the malicious code.
Emir Dizdarević, CEO of WSPay, said: “As a Payment Service Provider for Intersport group, we can confirm that all the payment card details entered into WSPay payment Form are secure and were not affected by this cyber attack.” WSPay uses all methods in accordance with PCI DSS L1 certification to secure entering and transfer of payment cards data as well as all other information entered on WSPay Form.
Intersport’s partner agency Optiweb, responsible for the development and maintenance of Intersport’s web pages, has thoroughly checked and diagnosed the attack. Miha Lavtar, CEO of Optiweb, said: “Based on the event log data and the limited access of the usernames, we can conclude that attackers have not been able to gain any payment card data or personal data related to Intersport users.”
The situation is further monitored and Intersport is applying additional preventive security measures in cooperation with Optiweb and their server infrastructure partners. Online shopping on all Intersport web pages remains safe for all customers.
In case of additional questions, please contact:
Andrea Filipović, Dialog komunikacije
andrea.filipovic@dialog-komunikacije.hr
cell. +385 91 54 70 129
