Massive U.S. Payment Card Breach: 115 Million Cards Stolen via Smishing and MFA Bypass

A recent cyberattack has resulted in the theft of over 115 million U.S. payment cards through a sophisticated smishing campaign attributed to Chinese hackers. The attackers successfully bypassed multi-factor authentication (MFA) by exploiting digital wallet fraud, highlighting significant vulnerabilities in current security measures. Smishing, a form of phishing conducted via SMS, remains an effective attack vector despite increased awareness. The bypass of MFA is particularly concerning, as it undermines confidence in this critical security control. This incident underscores the need for more robust MFA implementations, such as hardware tokens or biometric verification, and continuous user education to recognize and report smishing attempts. Additionally, organizations should enhance monitoring and anomaly detection to identify unusual transactions or access patterns. The scale and sophistication of the attack suggest a well-resourced threat actor, possibly with state sponsorship. This breach serves as a stark reminder that no security measure is entirely foolproof, and organizations must remain vigilant and proactive in their cybersecurity strategies.