Global Payments, a third-party payments processor to Visa and MasterCard credit and debit cards, reiterated that while customer data may be at risk, the data breach has been "contained to the best of our ability." Overall, 1.5 million accounts may have been affected.
Global Payments chairman and chief executive Paul Garcia said that the "diligent work" may take some time, but will complete the ongoing investigation and identify any changes that need to be implemented.
Garcia said the breach is contained and the company will get its record of compliance back with Visa and MasterCard "as soon as possible." Executives were upbeat about Global Payments' ability to regain its record of compliance with credit card associations.
The company said it doesn't believe any fraudulent charges were made using the stolen numbers.
Separately, Global Payments reported third quarter earnings of $57.9 million, or 73 cents a share, on revenue of $533.5 million, up 17 percent from a year ago. Non-GAAP earnings in the third quarter were 83 cents a share. Wall Street was looking for earnings of 84 cents a share.
Global Payments projected 2012 revenue to be $2.15 billion to $2.2 billion. The company expects non-GAAP earnings of $3.50 a share to $3.58 a share. GAAP earnings were $3.10 a share to $3.18 a share.
Charges related to the breach weren't disclosed because the investigation is ongoing.
Approximately three weeks ago, the breach was discovered. Within hours, law enforcement had been contacted. Garcia described how the company "jumped on this instantly," and that only a "handful of servers" were affected.
Here's what happened and when:
On Friday, it was first reported that Global Payments suffered a security breach, where as many 50,000 cardholders may have had their information exposed.
Global Payments processes card payments between merchants and banks, sitting in the 'middle-ground' directing where payment data should go.
Brian Krebs, who first reported the breach, initially warned that 10 million cards may be compromised. On Sunday, Global Payments revised down Krebs' figure as it confirmed as many as 1.5 million Visa and MasterCard accounts may have been compromised by the security breach.
While card numbers may have been downloaded from its systems, no other personal data --- such as names, addresses, or Social Security numbers --- were accessed.
Both Visa and MasterCard confirmed there was no breach to its own systems.
Visa and MasterCard both sent out non-public alerts to banks to warn of the breach that was thought to have occurred between January 21 and February 25, as Global Payments informed law enforcement andbrought in an independent data security organisation to inspect any damage.
Visa, as a result of the breach, removed Global Payments from its list of approved service providers, but invited it to re-apply once it submits evidence to show its security is "in compliance with Visa's standards."
MasterCard said it had not followed Visa's move, but was awaiting the result of an independent forensic investigation before it made any decision.
Associated Press reported that a technical problem affected the Visa network for 45 minutes on Sunday evening, which resulted in users unable to use their credit and debit cards. Visa confirmed this was not as a result of the recent security breach.
While the reputation of Visa and MasterCard stands in jeopardy, Global Payments lies in ruins. But Jefferies analyst Jason Kupferberg said that the processor can weather the storm.
The processor has $300--400 million in unrestricted cash, which could pay for the damage left by the breach, compared to figures by the 2009 Heartland data breach, in which 130 million accounts ran compromised. Analysts weighed in almost immediately after the breach with their opinions.
- Global Payments financial hit over breach likely manageable
- Security breach extends to Global Payments card processor
- CNET: Massive security breach leaves cardholders vulnerable
- Up to 1.5M credit card numbers stolen from Global Payments