GlobalPayments, a payment processor dealing with the fallout from a massive breach involving an estimated 1.5 million credit cards, said Tuesday that banks are reissuing more credit cards beyond the scope of the breach to reduce risk of fraudulent transactions.
We continue to believe that less than 1.5 million card numbers may have been exported.
The GlobalPayments breach was announced in March, releasing only minimal information to the public. The company indicates that forensics investigators believe the scope of the breach is fewer than 1.5 million stolen credit cards, meaning cybercriminals had access to a “limited segment” of its North America processing system.
No time frame has been given to credit card holders or merchants to better understand how long credit card transactions handled by GlobalPayments were exposed to the cybercriminals. But the fallout has resulted in banks reissuing more than a million new credit cards to customers to contain fraudulent transactions and limit the damage if the scope of the breach widens.
“In a matter of this nature, the card brands cast a wide net to protect consumers, and we supply as much information as possible to assist over the course of the investigation,” the payment processor said on its data security breach information website. “We continue to believe that less than 1.5 million card numbers may have been exported.”
The company said forensics teams have determined that Track 2 data – numerical card information -- was stolen. Visa, however has reported the exposure of Track 1 and 2 data following the GlobalPayments breach announcement, leading some experts to speculate that there may be more than one breach.
The payment processor has assured merchants that despite having to be revalidated under PCI DSS, it will continue to provide payment processing services. The firm said a merchant’s PCI DSS validation will not be impacted, despite several card brands, including Visa and MasterCard, removing GlobalPayments from their list of PCI DSS compliant service providers.