News

GlobalPayments breach update explains scope of lapse

SearchSecurity.com Staff

GlobalPayments, a payment processor dealing with the fallout from a massive breach involving an estimated 1.5 million credit cards, said Tuesday that banks are reissuing more credit cards beyond the scope of the breach to reduce risk of fraudulent transactions.

    Requires Free Membership to View

We continue to believe that less than 1.5 million card numbers may have been exported.

GlobalPayments

The GlobalPayments breach was announced in March, releasing only minimal information to the public. The company indicates that forensics investigators believe the scope of the breach is fewer than 1.5 million stolen credit cards, meaning cybercriminals had access to a “limited segment” of its North America processing system.

No time frame has been given to credit card holders or merchants to better understand how long credit card transactions handled by GlobalPayments were exposed to the cybercriminals.  But the fallout has resulted in banks reissuing more than a million new credit cards to customers to contain fraudulent transactions and limit the damage if the scope of the breach widens.

“In a matter of this nature, the card brands cast a wide net to protect consumers, and we supply as much information as possible to assist over the course of the investigation,” the payment processor said on its data security breach information website. “We continue to believe that less than 1.5 million card numbers may have been exported.”

The company said forensics teams have determined that Track 2 data – numerical card information -- was stolen. Visa, however has reported the exposure of Track 1 and 2 data following the GlobalPayments breach announcement, leading some experts to speculate that there may be more than one breach.

The payment processor has assured merchants that despite having to be revalidated under PCI DSS, it will continue to provide payment processing services. The firm said a merchant’s PCI DSS validation will not be impacted, despite several card brands, including Visa and MasterCard, removing GlobalPayments from their list of PCI DSS compliant service providers.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: