Global Payments says that less than 1.5m accounts impacted by breach

Share this article:

A breach affecting Visa and MasterCard has been laid at the feet of payment processor Global Payments.

In a statement, Global Payments announced that it identified and reported unauthorised access to a portion of its processing system. Chairman and CEO Paul R. Garcia said: “In early March, the company determined card data may have been accessed. It immediately engaged external experts in information technology forensics and contacted federal law enforcement.

“The company promptly notified appropriate industry parties to allow them to minimise potential cardholder impact. The company is continuing its investigation into this matter.

“It is reassuring that our security processes detected an intrusion. It is crucial to understand that this incident does not involve our merchants or their relationships with their customers.”

Visa and MasterCard began investigating a major breach of credit-card numbers at a payment processor, with Visa saying it was "aware of a potential data compromise incident at a third-party entity affecting credit-card account information from all major card brands".

Neither card brand has named the compromised entity, but on Friday a Wall Street Journal story pinned the blame on Atlanta-based Global Payments. The report said some 50,000 cards were impacted, but security blogger Brian Krebs said the number could reach ten million.

Avivah Litan, vice-president and distinguished analyst at Gartner, told SC Magazine US that her sources within the payment industry have told her the breach was sustained by a New York City-based taxi cab and garage parking company, and was the work of a Central American gang.

A city Taxi and Limousine Commission spokesman, Allan Fromberg, told SC Magazine US that he wasn't aware of any breach, but said there were 65 so-called "medallion agents" who lease taxi cabs to drivers. They serve as merchants and contract with third parties to process cab fares that are paid with credit cards.

Visa, in its statement, said it was contacting "payment card issuers" with information about card numbers that may have been compromised.

Visa also pulled its seal of approval for the Visa also pulled its seal of approval for the taxi cab company, saying that the breach has affected less than 1.5 million accounts and that the incident is "contained".

Global Payments said that its investigation has revealed to date that Track 2 card data may have been stolen, but that cardholder names, addresses and social security numbers were not obtained by the criminals.

Share this article: