Visa and MasterCard have reportedly warned banks of a major potential breach at a U.S.-based credit card processor, but neither firm has revealed which processor had been compromised. Alerts sent out to U.S. banks late last week advised them that certain cards may have been compromised, and that full Track 1 and Track 2 data was taken, which means perpetrators got enough to counterfeit new cards.
The breach may involve more than 10 million compromised card numbers. Here's an excerpt from Krebs on Security, which broke the story and said sources in the financial sector are calling the breach "massive":
It's not clear how many cards were breached in the processor attack, but a sampling from one corner of the industry provides some perspective. On Wednesday, PSCU — a provider of online financial services to credit unions — said it alerted 482 credit unions that appear to have had cards impacted by the breach, and that a total of 56,455 member VISA and MasterCard accounts were compromised. PSCU said fraudulent activity had been detected on a relatively small number of those cards — 876 accounts — and that the activity was geographically dispersed.
The breach is believed to have occurred between January 21 and February 25, 2012. The affected banks are reportedly analyzing data transactions in the hopes of tracking down a common point of purchase. So far, most of the dodgy transactions analysed point to parking garages in and around New York City.
While it doesn't appear that either of the credit card companies were breached themselves, they should be able to offer insight into what happens next. I have contacted both Visa and MasterCard for more information and will update you if I hear back.