What should I do if I believe my data was part of this breach?

Affected individuals should enhance online account security and monitor financial statements for suspicious activity.

Can this data be used for fraudulent purposes?

Yes, partially exposed payment-related data can facilitate identity theft or financial fraud.

How did PayHere respond to this incident?

PayHere published a blog outlining the breach and their steps to ensure cybersecurity integrity moving forward.

What measures can businesses take to prevent similar breaches?

Employ advanced encryption, regularly audit security measures, and enhance staff training on threat recognition and response.

Back to Radar

PayHere

High

Sri Lankan payment gateway PayHere suffered a breach exposing over 1.5M users' sensitive information in March 2022.

Records exposed: 1,580,249 records
Breach date: Breach Mar 27, 2022
Last update: Updated May 2, 2022

Source

What data was exposed?

Fields reported as compromised in this breach record.

Email addressesIP addressesNamesPartial credit card dataPhone numbersPhysical addressesPurchases

Why does this breach matter?

In-depth analysis of the breach and its implications.

In late March 2022, the Sri Lankan payment gateway PayHere experienced a significant data breach affecting over 1.5 million individuals. The breach exposed sensitive user information, including email addresses, IP and physical addresses, names, phone numbers, purchase histories, and partially masked credit card details (card type, PAN segments, and expiration date). These details were extracted from 65GB of payment datasets. PayHere responded publicly a month later, publishing a summary of the incident titled "Ensuring Integrity on PayHere Cybersecurity Incident."

Impact Analysis

Understanding the scope and consequences of this breach.

User Impact: Users faced exposure of sensitive personal and financial data, increasing risks of identity theft and fraud.
Business Impact: PayHere's reputation and trust were potentially impacted, coupled with legal and operational repercussions.
Affected Sectors: Financial Technology
E-commerce
Geographic Impact: Sri Lanka
Global

What You Should Do

Recommended actions to take in response to this breach.

If You Were Affected

•Monitor account activities for unauthorized transactions.
•Enable transaction alerts.
•Update passwords and use unique ones for critical accounts.
•Contact financial institutions for enhanced security measures.

Preventive Measures

•Use enhanced encryption for sensitive data storage.
•Implement multi-factor authentication for access control.
•Regularly conduct penetration testing and security audits.
•Promote user education on cybersecurity best practices.

Frequently Asked Questions

Common questions about this breach and what it means for you.

Compromised data includes email addresses, IP and physical addresses, names, phone numbers, purchase histories, and partially obfuscated credit card details.

PayHere

What data was exposed?

Why does this breach matter?

Impact Analysis

What You Should Do

If You Were Affected

Preventive Measures

Frequently Asked Questions

Community

Resources

Product

Legal

PayHere

What data was exposed?

Why does this breach matter?

Impact Analysis

What You Should Do

If You Were Affected

Preventive Measures

Frequently Asked Questions

What specific information was compromised in this breach?

What should I do if I believe my data was part of this breach?

Can this data be used for fraudulent purposes?

How did PayHere respond to this incident?

What measures can businesses take to prevent similar breaches?