Commercial credit, debit cards appear to be the main target of the breach

We're just hours away from the $640M Mega Millions lottery drawing, but it appears that some nefarious parties were looking to cash in a bit early at the expense of Visa and MasterCard cardholders. KrebsonSecurity is reporting that a "massive" security breach at a credit card processor has put 10 million accounts at risk.
According to the Wall Street Journal, the card processor is Global Payments Inc. and most of the accounts affected involve business/commercial credit and debit cards.
The data breach reportedly occurred between January 21 and February 25 of this year, but the information was not widely made public until today. Fox News reports that law enforcement agencies including the U.S. Secret Service are involved in the investigation. In addition, an "independent data security organization" is also analyzing the security breach.

[Source: The Street]
"MasterCard's own systems have not been compromised in any manner," said MasterCard in a statement. "We have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk."
For its part, Visa provided the following statement:
Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet.
Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards.
Be sure to keep a close eye on your online credit card/debit card statement for any irregularities and report them to your card issuer as soon as possible.

Updated @ 5:14pm
KrebsonSecurity just confirmed that Global Payments, Inc. is indeed the credit card processor that was compromised. The company issued the following statement:

Global Payments Inc., a leader in payment processing services, announced it identified and self-reported unauthorized access into a portion of its processing system.  In early March 2012, the company determined card data may have been accessed.  It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potential cardholder impact.  The company is continuing its investigation into this matter.

"It is reassuring that our security processes detected an intrusion.  It is crucial to understand that this incident does not involve our merchants or their relationships with their customers," said Chairman and CEO Paul R. Garcia.

Global Payments will hold a conference call Monday, April 2, 2012 at 8:00 AM EDT.  Callers may access the conference call via the investor relations page of the Company's Web site at by clicking the "Webcast" button; or callers in North America may dial 1-888-895-3550 and callers outside North America may dial 1-706-758-8809.  The pass code is "GPN."

Global Payments, Inc. was down 9% today once news of the breach spread.

Sources: KrebsonSecurity, Fox News, Wall Street Journal

"Young lady, in this house we obey the laws of thermodynamics!" -- Homer Simpson
Latest Headlines

Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki