Up to 1.5 million Visa, MasterCard credit card numbers stolen

Up to 1.5 million Visa, MasterCard credit card numbers stolen

Summary: U.S.-based credit card processor company Global Payments has confirmed that its security breach was confined to North America, and that less than 1.5 million credit cards were stolen.

TOPICS: Banking, Security

Update - Over 1.5 million Visa, MasterCard credit card numbers stolen?

Global Payments, the U.S.-based credit card processor company that experienced a security breach affecting plastic issued from Visa and MasterCard, today confirmed that the breached portion of its processing system was confined to North America. The company also finally revealed how many credit card numbers were stolen: less than 1,500,000.

News broke on Friday that Visa and MasterCard warned banks of a major potential breach at a U.S.-based credit card processor (see Visa, MasterCard warn of 'massive' security breach and Analysts on Visa, MasterCard credit card security breach). Both Visa and MasterCard then confirmed the breach, although the two also emphasized their own security systems were not compromised. Soon after, Global Payments confirmed it had identified unauthorized access into its processing system.

Estimates previously ranged from 50,000 to 10 million credit cards, but Global Payments has reduced that to just 15 percent of the upper bound. Then again, 1.5 million credit card numbers is nothing to scoff at. Thankfully for Global Payments, analysts say the firm will be able to absorb any costs it needs to.

Previous reports suggested that full Track 1 and Track 2 data was taken, which means perpetrators got enough to counterfeit new cards. Global Payments' investigation to date has revealed that Track 2 card data may have been stolen, but the company is still not sure. On the other hand, Global Payment was confident enough to say that cardholder names, addresses, and social security numbers were not obtained by the criminals.

Last but certainly not least, Global Payments believes that this incident is contained, based on its forensic analysis to date, network monitoring, and additional security measures which it did not detail. The company also says it "continues to work with industry third parties, regulators and law enforcement to assist in the efforts to minimize potential cardholder impact" and that it "has engaged multiple information security and forensics firms to investigate and address this issue."

"We are making rapid progress toward bringing this issue to a close," Global Payments Chairman and CEO Paul R. Garcia said in a statement. "Our nearly 4,000 employees around the world are focused on providing exceptional service. We are open for business and continue to process transactions for all of the card brands."

The origin of the hack is still unknown.

Update - Over 1.5 million Visa, MasterCard credit card numbers stolen?

See also:

Topics: Banking, Security

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Only "less than 1.5 million cards stolen"

    Gotta love how the company tries to "downgrade" the severity of the problem.

    It was only 1.5 mil .... no biggy .... right??
    • Yep.

      I purposefully used both ways of phrasing the amount ;)
  • Many Hats

    This is what happens when you don't have a dedicated person to security. I will bet you they have someone who does the annual audit but then is spinning plates to keep everything else running.

    PCI compliance is no joke and I wish companies who try to shortchange the system start being smart and dedicate someone to just security.

    PCI compliance requires that you have software and certain tools in place to help mitigate the threat of potential hackers.
    I will bet my years of experience they hacked in via a known exploit (that could have been mitigated) or it was an inside job.

    Here is my recommendation for companies who are PCI compliant.

    DEDICATE A SECURITY PERSON! This is not a game, people can go to jail over this.
    You have a fiduciary responsibility to protect your card holder data and to have someone who is managing the network and everything else that plugs into the wall is corporate suicide.

    Find someone who has done audits and has gone through the process of PCI compliance and dedicate him to that role only.
  • I'll wager that they are lying about ...

    both the severity and duration of the break in, in order to minimize losses. After all, their only "fiduciary responsibility" is to "maximize profits for shareholders".
    • and now the tax dodgers will run crying

      to the big, mean, wasteful government to save their a$$es yet again.
  • Civilization can survive...

    Civilization can survive without pay-at-the-pump and without self-checkout. Plenty of stores have done away with self-checkout anyway because of the theft that goes on. Business-owners who buy malfunctioning computer-screen signature machines are irresponsible and should not just be able to depend on their fraud insurance (whose premiums are tax-deductible, I might add) covering everything. Guess who ends up paying for this in the end?
    Valen from http://britainloans.co.uk/