Global Payments: 1.5MM Cards ImpactedBreached Payments Processor Says Incident is 'Contained'
In its second formal statement since news of its data breach broke, payments processor Global Payments Inc. says this incident is confined to North America and involves fewer than 1.5 million payment cards.
See Also: Data Center Security Study - The Results
"The investigation to date has revealed that Track 2 card data may have been stolen, but that cardholder names, addresses and social security numbers were not obtained by the criminals," Global Payments said in a statement released on April 1. "Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained."
Also, according to multiple news reports (including The New York Times and Wall Street Journal), payment card giant Visa has removed Global Payments from its list of "compliant service providers." This list represents the service providers that Visa has validated for merchants and other businesses to run their credit card transactions.
On Friday, March 30, Global Payments acknowledged widespread reports that it had suffered a data breach impacting multiple payment card brands. The scope of the breach has been described as "massive," with estimates of as many as 10 million cards impacted. In its latest statement, the processor says:
"The company believes that the affected portion of its processing system is confined to North America and less than 1,500,000 card numbers may have been exported."
This second statement came less than 24 hours before a planned conference call to address the breach. That call was scheduled for 8 a.m. eastern time on Monday, April 2.
The Global Payments statement also says "the company continues to work with industry third parties, regulators and law enforcement to assist in the efforts to minimize potential cardholder impact. It has engaged multiple information security and forensics firms to investigate and address this issue."
"We are making rapid progress toward bringing this issue to a close. Our nearly 4,000 employees around the world are focused on providing exceptional service. We are open for business and continue to process transactions for all of the card brands," said Chairman and CEO Paul R. Garcia.
Based in Atlanta, Global Payments processes billions of payment card, check and e-commerce transactions annually for more than 1 million global merchant locations worldwide.
The major payment card brands began warning card-issuing institutions in March about this breach, which could prove to be the largest incident since the Heartland Payment Systems breach.
First reported by security blogger Brian Krebs, this latest breach could potentially affect more than 10 million cards, Krebs says.
"The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012, and Feb. 25, 2012," Krebs writes. "The alerts also said that full Track 1 and Track 2 data was taken - meaning that the information could be used to counterfeit new cards."
For more information from the Global Payments and the major card brands, please see Statements on Global Payments Breach.