Global Payments sees huge breach, data theft
One payment processing service company experienced a gigantic data breach this past weekend, which highlights the business need for high assurance SSL certificates and code signing digital certificates to help protect data online. Global Payments confirmed late Sunday evening that up to 1.5 million card numbers may have been "exported" by someone who gained unauthorized access to its system.
Following this data breach, Visa said it is removing Global Payments as one of its providers.
“Visa Inc. is aware of a potential data compromise incident at a third-party entity affecting card account information from all major card brands," according to a Visa statement sent to Brian Krebs of the Krebs on Security blog. "There has been no breach of Visa systems, including its core processing network VisaNet."
Global Payments officials have said that it believes the affected portion of the system is localized to North American and Track 2 card data. Computerworld said the American Bankers Association developed track 2 on magnetic cards, which contains account numbers, expiration date and sometimes discretionary data. The company said names, addresses and social security numbers were not obtained by the hackers in this case.
"We are making rapid progress toward bringing this issue to a close," said Chairman and CEO of Global Payments Paul R. Garcia in a statement. "Our nearly 4,000 employees around the world are focused on providing exceptional service. We are open for business and continue to process transactions for all of the card brands."
Amy Corn, a spokeswoman for Global Payments, told The New York Times that the company expects to be reinstated by the card companies but was not sure how long it would take. She said they're still processing transactions for merchants and customers with the same efficiency. The company may want to look into tools for protection of data such as Symantec SSL certificates to help keep customers safe.