It has been reported that the 2011 cyber attack on the FIS was more severe than initially thought.
Security blogger Brian Krebs reported that the FDIC report on the breach, distributed to hundreds of FIS clients in June 2013, reveals that the violation was not confined to the Sunrise pre-paid card platform and that "experts identified over 2000 touch points that indicated a broad exposure of internal FIS systems and client related data."
According to an investigation by the Federal Deposit Insurance Corp (FDIC) the security attack raises questions about the FIS’ security practices.
In May 2011 FIS revealed a $13m hit arising from ‘unauthorised activities involving one client and 22 Sunrise prepaid card accounts’; the company also identified 7,170 pre-paid accounts that may have been at risk.
In May 2011 it was reported that the cyber attackers increased the limits on the pre-paid cards, cloned the cards and withdrew the $13m from ATMs worldwide.
The June 2013 report indicates around 100 client financial institutions which appear to have had sensitive data exposed by the attacks.
FIS told Brian Krebs that no clients lost money as a result of the breach and that it has spent around $100m strengthening its information security and risk position.