Connect with us

Social

SumUp raises $624M at $8.5B valuation, with its payments and business tech now used by 4M SMBs – TechCrunch

Published

on

A decade ago, SumUp was one of the army of fintechs that made names for themselves with dongles that turned basic smartphones into card payment terminals. Today, the London-based company has expanded into a wider range of business services that are used by some 4 million small and medium businesses in 35 markets, and as it continues to scale out its ambitions, it’s closed in on a major round of funding of €590 million ($624 million).

The money will be used for acquisitions, more hiring (it now employs some 3,000 people), and more organic product development, the company said.

The investment — led by Bain Capital Tech Opportunities, with participation also from funds managed by BlackRock, btov Partners, Centerbridge, Crestline, Fin Capital, and Sentinel Dome Partners, and others — is coming in the form of 50% equity and 50% debt and values SumUp at €8 billion ($8.5 billion).

SumUp has raised some €1.5 billion over the last ten years, but most of that has been in debt (including a €750 million debt round last year).

Marc-Alexander Christ, SumUp co-founder and CFO, said in an interview that in fact before this round less than €100 million of that figure was equity, meaning dilution is relatively low despite those high numbers, and there has been little in the way of transparency on the company’s valuation.

Covid-19 put a dampener on a lot of in-person commerce, and that had a knock-on effect not just on retailers but the people and companies that worked in their commerce ecosystems. The solution for a company like SumUp — with the bread and butter of its business, point of sale payments, fundamentally a part of that in-person commerce experience — has been to diversify and double down on a wider array of services for its small business retailers customers.

To that end, it has used significant chunks of the debt it’s raised to date for acquisitions and to build out more services beyond POS payments, in areas like business banking (the basic version of which it throws in as a freebie), online payments and business services around both.

This is part and parcel of how the space has evolved. At a time when others in the same business as SumUp have either diversified strongly into areas like cryptocurrency (with the original player here, Square, going so far as to rebrand as Block), or been snapped up by even bigger fish (see: PayPal acquiring iZettle), SumUp has positioned itself as the SMB fintech consolidator.

In what is a very fragmented space, it has snapped up companies to complement and expand its payments platform such as Payleven (a “Square clone” that was hatched at Rocket Internet), Goodtill, Tiller, and U.S.-based customer loyalty startup Fivestars. And when you consider all of the elements that go into buying and selling goods and services, there are a lot of areas left for SumUp to tackle — big data analytics, more tools to build, manage and optimise, online sales experiences for its customers, more technology to use to improve how items are sold in physical commerce experiences, and so on — all areas that SumUp can approach either through building its own technology, or indeed through more M&A.

It’s a strategy that has worked, it seems: altogether, SumUp’s revenues have grown 60% annually in the last couple of years, Christ said. And with some 10% of its 4 million businesses now using its business banking service, he added that this potentially makes SumUp “the world’s biggest neobank for SMBs”.

Nevertheless, turning that statistic around, POS payments still represents the bulk of the company’s revenues, so 60% growth is not just a testament to SumUp being able to grow that business in the last two years, but also the fact that in-person and point-of-sale payments remained active areas for transactions.

And the same could be said for the company’s global strategy. Although SumUp notes that it’s now in 35 markets and driving into more emerging countries — its most recent launch was in Peru — its home market of Europe remains its biggest geography at the moment. “The powerhouse clearly is Europe, with EMEA still the driving force for new revenue,” said Michael Schrezenmaier, the company’s CEO for the region.

“SumUp has continually evolved to empower a growing and diverse field of small businesses with payment solutions and tools to efficiently connect with their everyday consumers,” Darren Abrahamson, an MD at Bain Capital Tech Opportunities, in a statement. “SumUp’s leadership team have led the company to sustained and accelerated growth through expansion to more than 30 countries where they have had a direct and positive impact on the small business ecosystem. We’re proud to contribute our deep fintech and payments experience to aid SumUp’s remarkable ability to push the boundaries and lead an incredibly competitive industry.”

Continue Reading

Social

US government says North Korean hackers are targeting American healthcare organizations with ransomware – TechCrunch

Published

on

The FBI, CISA, and the U.S. Treasury Department are warning that North Korean state-sponsored hackers are using ransomware to target healthcare and public health sector organizations across the United States.

In a joint advisory published Wednesday, the U.S. government agencies said they had observed North Korean-backed hackers deploying Maui ransomware since at least May 2021 to encrypt servers responsible for healthcare services, including electronic health records, medical imaging, and entire intranets.

“The FBI assesses North Korean state-sponsored cyber actors have deployed Maui ransomware against Healthcare and Public Health Sector organizations,” the advisory reads. “The North Korean state-sponsored cyber actors likely assume healthcare organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health. Because of this assumption, the FBI, CISA, and Treasury assess North Korean state-sponsored actors are likely to continue targeting [healthcare] organizations.”

The advisory notes that in many of the incidents observed and responded to by the FBI, the Maui ransomware caused disruption to healthcare services “for prolonged periods.”

Maui was first identified by Stairwell, a threat-hunting startup that aims to help organizations determine if they have been compromised, in early-April 2022. In an analysis of the ransomware, Stairwell principal reverse engineer Silas Cutler notes that Maui lacks many of the features commonly seen with tooling from ransomware-as-a-service (RaaS) providers, such as an embedded ransom note or automated means of transmitting encryption keys to attackers. Rather, Stairwell concludes that Maui is likely manually deployed across victims’ networks, with remote operators targeting specific files they want to encrypt.

North Korea has long used cryptocurrency-stealing operations to fund its nuclear weapons program. In an email, John Hultquist, vice president of Mandiant Intelligence, said that as a result “ransomware is a no-brainer” for the North Korean regime.

“Ransomware attacks against healthcare are an interesting development, in light of the focus these actors have made on this sector since the emergence of COVID-19. It is not unusual for an actor to monetize access which may have been initially garnered as part of a cyber espionage campaign,” said Hultquist. “We have noted recently that North Korean actors have shifted focus away from healthcare targets to other traditional diplomatic and military organizations. Unfortunately, healthcare organizations are also extraordinarily vulnerable to extortion of this type because of the serious consequences of a disruption,” he added.

The advisory, which also includes indicators of compromise (IOCs) and information on tactics, techniques and procedures (TTPs) employed in these attacks to help network defenders, urges organizations in the healthcare industries to strengthen their defenses by limiting access to data, turning off network device management interfaces, and by using monitoring tools to observe whether Internet of Things devices have become compromised.

“The FBI, along with our federal partners, remains vigilant in the fight against North Korea’s malicious cyber threats to our healthcare sector,” said FBI Cyber Division assistant director Bryan Vorndran. “We are committed to sharing information and mitigation tactics with our private sector partners to assist them in shoring up their defenses and protecting their systems.”

The U.S. government’s latest warning follows a spate of high-profile cyberattacks targeting healthcare organizations; University Medical Center Southern Nevada was hit by a ransomware attack in August 2021 that compromised files containing protected health information and personally identifiable information, and Eskenazi Health said in October that cybercriminals had access to their network for almost three months. Last month, Kaiser Permanente confirmed a breach of an employee’s email account led to the theft of 70,000 patient records.

Continue Reading

Social

Hotel giant Marriott confirms yet another data breach – TechCrunch

Published

on

Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data including guests’ credit card information.

The incident, first reported by Databreaches.net Tuesday, is said to have happened in June when an unnamed hacking group claimed they used social engineering to trick an employee at a Marriott hotel Maryland into giving them access to their computer.

“Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer,” Marriott spokesperson Melissa Froehlich Flood told TechCrunch in a statement. “The threat actor did not gain access to Marriott’s core network.”

Marriott said the hotel chain identified, and was investigating, the incident before the threat actor contacted the company in an extortion attempt, which Marriott said it did not pay.

The group claiming responsibility for the attack say the stolen data includes guests’ credit card information and confidential information about both guests and employees. Samples of the data provided to Databreaches.net purport to show reservation logs for airline crew members from January 2022 and names and other details of guests, as well as credit card information used to make bookings.

However, Marriott told TechCrunch that its investigation determined that the data accessed “primarily contained non-sensitive internal business files regarding the operation of the property.”

The company said that it is preparing to notify 300-400 individuals regarding the incident, and has already notified relevant law enforcement agencies.

This isn’t the first time Marriott has suffered a significant data breach. Hackers breached the hotel chain in 2014 to access almost 340 million guest records worldwide – an incident that went undetected until September 2018 and led to a £14.4 million ($24M) fine from the U.K’s Information Commissioner’s Office. In January 2020, Marriott was hacked again in a separate incident that affected around 5.2 million guests.

TechCrunch asked Marriott what cybersecurity protections it has in place to prevent such incidents from happening, but the company declined to answer.

Continue Reading

Social

Rivian says it’s on track to deliver 25,000 vehicles this year – TechCrunch

Published

on

Rivian said Wednesday the company produced 4,401 vehicles at its manufacturing facility in Normal, Illinois, and delivered 4,467 vehicles for the quarter ended June 30.

“These figures remain in line with the company’s expectations, and it believes it is on track to deliver on the 25,000 annual production guidance previously provided,” Rivian said in a statement.

In the first quarter of 2022, Rivian produced 2,553 vehicles and delivered 1,227 vehicles.

The production figures include a mix of the Rivian R1T pickup truck, R1S SUV and the commercial vans it is making for Amazon.

Developing...

Continue Reading

Trending