Can you tell me what went wrong in the Global Payments breach? Any lessons for other enterprises that fall under...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Ask the expert!
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Brian Krebs, who chronicled the Global Payments data breach on his blog, reported the breach of the payment card processing firm went as far back as January 2011 and may have included more than 10 million card numbers. Global Payments issued a press release stating 1.5 million card numbers may have been exposed.
There have been few technical details released by any of the reports as to the source of the breach. Global Payments stated that it believes the incident has been contained. Krebs reported that Global Payments was compromised by attackers in 2011, though it switched to a different hosting company in 2012, when the attackers bypassed the end-to-end encryption Global Payments employed. The attackers stated they were able to bypass the encryption by gaining full access to the systems where card numbers were decrypted. The attackers also stated they went back every month to retrieve the captured data.
Global Payments could have moved hosting companies in an effort to eradicate the attackers from its network, but this seems unlikely unless Global Payments rebuilt all of its systems in use, reset all passwords, and re-secured all of its systems. Changing the hosting provider and potentially changing the IPs in use, but not performing the other actions, makes it difficult to prevent attackers from reentering its systems or maintaining an existing data exfiltration effort. Other enterprises that must comply with PCI DSS will only learns lessons from this data breach when Global Payments releases more details, but no new technical details have been released as of September, 2012. Many of the actions by the attacker could have been detected by careful review of logs or instrumentation of Global Payments' network security monitoring.
Dig Deeper on Data security breaches
Related Q&A from Nick Lewis
Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework.continue reading
A new type of WordPress malware, WP-Base-SEO, disguises itself as an SEO plug-in that opens backdoors. Nick Lewis explains how it works and how to ...continue reading
A new exploit of CLDAP servers can be used for a DDoS reflection attack that gives attackers a 70x boost. Nick Lewis explains how to defend against ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.