TechCrunch:Hackers stole credit card numbers belonging to as many as 1.5 million MasterCard and Visa customers, Global Payments, Inc. confirmed on Sunday. The international credit card processor was blocked by Visa after it reported the possibility of a major security breach on Friday. The company did not indicate how the hackers gained access to its system or who might be responsible for the attack. ”Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained,” the firm told The Wall Street Journal while noting that cardholder names, addresses and Social Security numbers were not compromised. The company did say that the credit card numbers were downloaded during the attack rather than just being accessed, however, indicating that the perpetrators may intend to use the information to create counterfeit credit cards. Affected Visa and MasterCard customers have not yet been notified that their account information was stolen.
On Friday, we heard the news that payments processor Global Payments was hit with a massive security breach involving MasterCard and Visa cardholders. At the time it was unclear the reach of the security issue, which was being investigated by the U.S. Secret Service. Tonight, Global Payments reports that those cards affected in the breach processing system were confined to North America and up to 1.5 million card numbers may have been exported. Visa had originally pegged that number at around 50,000 cards stolen.
So far, the investigation has revealed that card numbers may have been stolen, but that cardholder names, addresses and social security numbers were not obtained by the criminals. As stated in the release: Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained.
“We are making rapid progress toward bringing this issue to a close. Our nearly 4,000 employees around the world are focused on providing exceptional service. We are open for business and continue to process transactions for all of the card brands,” said Global Payments CEO Paul R. Garcia in a release.
The fact that data like social security numbers and addresses weren’t stolen in the security breach is good news for cardholders. Still, credit card companies will have to re-issue new cards to those affected and monitor accounts, and the potential reach of the breach is much larger than expected. The Wall Street Journal reported that Global Payments handled $120.6 billion in Visa and MasterCard card volume last year alone.
It’s still unclear the origin of the hack.
KnocUpdated Visa and MasterCard have been quietly informing banking partners that a third-party supplier has suffered a major breach of security that could let the attacker clone users' cards.
According to Krebs on Security, the credit card companies are warning that between January 21 and February 25, a successful attack appears to have occured and that Track one and Track two data could have been stolen. Those terms refer to the data stored on the magnetic stripes on the backs of cards, and indicate that the attacker could clone legitimate cards at will.
"Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands," the credit card company told El Reg in an email. "There has been no breach of Visa systems, including its core processing network VisaNet. Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards."