Global Payments: Breach Hit Less Than 1.5m Credit Cards
After warnings from Visa and MasterCard, payment processor Global Payments says less than 1.5 million credit cards were affected
Fewer than 1.5 million credit cards were affected by a security breach reported on Friday, according to Global Payments (GPN), the bankcard payment processor affected by the incident.
On Friday security journalist Brian Krebs reported that MasterCard and Visa sent “non-public alerts” to banks in the US earlier in March regarding a breach. Krebs’ report speculated the incident may have involved more than 10 million card numbers, citing unnamed sources in the financial sector. Later in the day GPN acknowledged that it was the processor involved.
North America affected
The breach took place between 21 January and 25 February, according to the alerts sent by Visa and MasterCard.
GPN acknowledged that “less than 1,500,000” card numbers may have been “exported” by criminals, with the numbers involved all from North America.
The information stolen included card numbers, but not the names, addresses or social security numbers of cardholders, according to GPN. Friday’s report had suggested the breach may have involved full card details, including both Track 1 and Track 2 data, which would have allowed cards to be counterfeited.
“Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained,” the company said in a statement.
GPN, whose shares were halted following the report, said it remained open for business and is working with regulators and law enforcement to limit the incident’s impact on cardholders.
“We are making rapid progress toward bringing this issue to a close,” stated GPN chairman and chief executive Paul Garcia.
Over the weekend, Visa distanced itself from GPN, removing the company from its list of compliant service providers, according to the Wall Street Journal. The company said it has asked GPN to revalidate its compliance with the Payment Card Industry Data Security Standard (PCI DSS).
Visa and MasterCard said on Friday there had been no breach of their own systems. Visa said it has provided payment card issuers with the affected account numbers, enabling them to take appropriate action to protect consumers.
How well do you know Internet security? Try our quiz and find out!