Can you tell me what went wrong in the Global Payments breach? Any lessons for other enterprises that fall under...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Ask the expert!
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Brian Krebs, who chronicled the Global Payments data breach on his blog, reported the breach of the payment card processing firm went as far back as January 2011 and may have included more than 10 million card numbers. Global Payments issued a press release stating 1.5 million card numbers may have been exposed.
There have been few technical details released by any of the reports as to the source of the breach. Global Payments stated that it believes the incident has been contained. Krebs reported that Global Payments was compromised by attackers in 2011, though it switched to a different hosting company in 2012, when the attackers bypassed the end-to-end encryption Global Payments employed. The attackers stated they were able to bypass the encryption by gaining full access to the systems where card numbers were decrypted. The attackers also stated they went back every month to retrieve the captured data.
Global Payments could have moved hosting companies in an effort to eradicate the attackers from its network, but this seems unlikely unless Global Payments rebuilt all of its systems in use, reset all passwords, and re-secured all of its systems. Changing the hosting provider and potentially changing the IPs in use, but not performing the other actions, makes it difficult to prevent attackers from reentering its systems or maintaining an existing data exfiltration effort. Other enterprises that must comply with PCI DSS will only learns lessons from this data breach when Global Payments releases more details, but no new technical details have been released as of September, 2012. Many of the actions by the attacker could have been detected by careful review of logs or instrumentation of Global Payments' network security monitoring.
Dig Deeper on Identity Theft and Data Security Breaches
Related Q&A from Nick Lewis
Vonteera adware has the ability to disable antimalware software on endpoint devices. Expert Nick Lewis explains how enterprises can prevent this ...continue reading
ModPOS, a new POS malware, compromised millions of credit card accounts in 2015. Expert Nick Lewis explains how cybercriminals use this malware and ...continue reading
Amex cards have been discovered to be vulnerable to credit card hacking. Expert Nick Lewis explains how this happens, and what can be done about Chip...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.