Can you tell me what went wrong in the Global Payments breach? Any lessons for other enterprises that fall under...
Ask the expert!
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Brian Krebs, who chronicled the Global Payments data breach on his blog, reported the breach of the payment card processing firm went as far back as January 2011 and may have included more than 10 million card numbers. Global Payments issued a press release stating 1.5 million card numbers may have been exposed.
There have been few technical details released by any of the reports as to the source of the breach. Global Payments stated that it believes the incident has been contained. Krebs reported that Global Payments was compromised by attackers in 2011, though it switched to a different hosting company in 2012, when the attackers bypassed the end-to-end encryption Global Payments employed. The attackers stated they were able to bypass the encryption by gaining full access to the systems where card numbers were decrypted. The attackers also stated they went back every month to retrieve the captured data.
Global Payments could have moved hosting companies in an effort to eradicate the attackers from its network, but this seems unlikely unless Global Payments rebuilt all of its systems in use, reset all passwords, and re-secured all of its systems. Changing the hosting provider and potentially changing the IPs in use, but not performing the other actions, makes it difficult to prevent attackers from reentering its systems or maintaining an existing data exfiltration effort. Other enterprises that must comply with PCI DSS will only learns lessons from this data breach when Global Payments releases more details, but no new technical details have been released as of September, 2012. Many of the actions by the attacker could have been detected by careful review of logs or instrumentation of Global Payments' network security monitoring.
Dig Deeper on Identity Theft and Data Security Breaches
Related Q&A from Nick Lewis
Latentbot malware has layers of obfuscation that makes it hard to detect. Expert Nick Lewis explains how its process works, beginning with a phishing...continue reading
A hard to detect type of Linux malware, Rekoobe, can download files to user systems. Expert Nick Lewis explains the malware's key functionality and ...continue reading
Pro POS, a new type of POS malware, has simple operations and is easy to obtain. How was it so successful against businesses? Expert Nick Lewis ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.