Some Facts About Data Breach at Global Payments
2 April 2012
Last Friday, the press began reporting on a major data breach at Global Payments, a large US card processor. As always in the early stages of such events, there were plenty of rumours and speculation, with various sources putting the number of stolen card numbers as low as 50,000 or as high as 10 million. This morning, as I write this, Global Payments is holding a conference call to provide us all with more information. So, this is what we have directly from the company:
- Up to 1.5m card records "may" have been affected;
- The incident is contained to North America only;
- Only Track 2 data has been taken (not Track 1 data and not customer name, address, etc.);
- Visa removed Global Payments from a PCI compliance list;
- The incident does not involve any merchants, ISOs or customers and occurred on some "local servers" at Global Payments;
- Due to the ongoing federal investigation, the company can't be specific about timelines, but did confirm that "about 3 weeks ago" it discovered that some card data "may have been taken" and immediately contacted federal law enforcement agencies and the schemes;
- Customers are "encouraged to be vigilant". Also, the company is setting up an information site for consumers which should be operational later today: http://www.2012infosecurityupdate.com/
- Global Payments continues to process all card transactions, including Visa;
- It is working with the schemes and other parties to address the situation; "~100 people are working on this";
- It intends to get its ROC (Record of Compliance) back "as soon as it is humanly possible";
- It will continue with its planned investments in other areas, but also will "spend even more on security" going forward;
- It expects to come out stronger and more experienced as a result, and believes that its customers will recognise this.