Želimo vas obavijestiti kako su zlonamjerno napadnute Intersport web stranice u Hrvatskoj, Sloveniji, Srbiji, Bosni i Hercegovini i Crnoj Gori.

U hakerskom napadu na spomenutim web lokacijama, ugrađen je kod koji je trebao skenirati podatke o bankovnim karticama. U Intersportu smo reagirali čim je otkriven maliciozan kod koji je odmah uklonjen.

Nije došlo do zloupotrebe podataka o bankovnim karticama, jer se podaci o platnim karticama obrađuju isključivo kod nezavisnog pružatelja platnog prometa Wspay na koji hakerski kod nije mogao utjecati.

Emir Dizdarević, izvršni direktor WSPay-a, izjavio je: “Kao pružatelj usluga plaćanja za Intersport grupu, možemo potvrditi da su svi podaci o bankovnim karticama uneseni u WSPay stranicu za plaćanje sigurni i da na njih nije utjecao hakerski napad.” WSPay koristi sve metode u skladu s PCI DSS L1 certifikatom za siguran unos i prijenos podataka o bankovnim karticama kao i sve ostale podatke koji se unose u WSPay stranicu za plaćanje.

Partnerska agencija Intersporta, Optiweb, odgovorna za razvoj i održavanje Intersportovih web stranica detaljno je provjerila i dijagnosticirala napad. Miha Lavtar, izvršni direktor Optiweba, izjavio je: “Na temelju podataka dnevnika događaja i ograničenog pristupa korisničkih imena možemo zaključiti da napadači nisu uspjeli dobiti podatke o bankovnim karticama ili osobne podatke koji se odnose na korisnike Intersporta.”

Situacija se pažljivo nadgleda i primjenjujemo dodatne preventivne sigurnosne mjere u suradnji s Optiwebom i njihovim partnerima koji brinu o infrastrukturi servera. Online kupovina na svim Intersport web stranicama ostaje sigurna za sve kupce.

Press statement

We would like to inform you that Intersport has recently witnessed a malicious attack on Intersport websites in the region, specifically in Slovenia, Croatia, Serbia, Bosnia and Hercegovina and Montenegro.

In this hacking attack, a code was installed on our websites with purpose to scan payment card data. Intersport reacted immediately upon discovery and the suspicious code was removed.

No payment card information were intercepted, as online card payments are processed through independent WSPay payment platform, which was not affected by the malicious code.

Emir Dizdarević, CEO of WSPay, said: “As a Payment Service Provider for Intersport group, we can confirm that all the payment card details entered into WSPay payment Form are secure and were not affected by this cyber attack.” WSPay uses all methods in accordance with PCI DSS L1 certification to secure entering and transfer of payment cards data as well as all other information entered on WSPay Form.

Intersport’s partner agency Optiweb, responsible for the development and maintenance of Intersport’s web pages, has thoroughly checked and diagnosed the attack. Miha Lavtar, CEO of Optiweb, said: “Based on the event log data and the limited access of the usernames, we can conclude that attackers have not been able to gain any payment card data or personal data related to Intersport users.”

The situation is further monitored and Intersport is applying additional preventive security measures in cooperation with Optiweb and their server infrastructure partners. Online shopping on all Intersport web pages remains safe for all customers.

In case of additional questions, please contact:

Andrea Filipović, Dialog komunikacije

andrea.filipovic@dialog-komunikacije.hr

cell. +385 91 54 70 129