Banks cancel 15,000 payment cards due to the hacking of a travel website

In an unprecedented event, executives at Greece’s four largest banks have decided to cancel and replace about 15,000 payment cards (credit and debit) after a digital forensics firm confirmed that a hacker group infiltrated a travel services website.

In a joint statement, the National Bank of Greece, Alpha Bank, Eurobank and Piraeus Bank, unveiled the measure. Although only a few bank cards have been confirmed to have been hacked so far, banking institutions opted for this solution so as not to leave loose ends.

Multiple details about the incident are still unknown, such as the extent of the data breach or the type of information compromised by the threat actors, as well as the method used. In collaboration with cybersecurity and digital forensics firms, banks are expected to release more details as soon as possible.

However, local media reports, the investigation of the incident is expected to be completed by the end of March, so we will have to wait for more details. So far it is only known with certainty that the compromised website provides services for booking airline, ferry, hotels, car rental, among other tourist services. In addition, this website adheres to the requirements of the Payment Card Industry Data Security Standard (PCI DSS).

Bank executives, as well as Greek authorities, expect the investigation to be fruitful, which will help digital forensics teams establish the best possible solutions to prevent these incidents from happening again. On the other hand, the affected banks will have to collaborate in an external investigation by the Central Bank of Greece, in collaboration with Visa and MasterCard.

Bank executives say security measures implemented in detecting the attack mitigated the scope, though they have not mentioned when they will finish issuing the new cards. According to the International Institute of Cyber Security (IICS), it is recommended at the moment that users reset their security codes and credentials to access online banking platforms until their new cards are ready.