More Information Possibly Stolen From Credit-Card Processor Global Payments
Global Payments Inc., which handles transactions for retailers and banks, is facing more fallout from a massive data breach that exposed the financial information of as many as 1.5 million Visa and MasterCard customers earlier this year.
On Tuesday (June 12), the payments processor admitted that during the investigation into the initial data breach, which occurred between Jan. 21 and Feb. 25, Global Payments discovered "potential unauthorized access" into databases that stored the credentials of merchants applying to have their sales processed.
Anyone viewing the data could have made off with merchants' bank-account numbers and driver's license numbers, as well as their names, addresses and Social Security numbers, the Associated Press reported.
"It is unclear whether the intruders looked at or took any personal information from the company's system," Global Payments said in a statement.
Global Payments' statements did not make clear whether the potential breach of merchant data was directly linked to the theft of 1.5 million consumer credit-card numbers, or a separate intrusion.
Following the security breach earlier this year, Visa and MasterCard warned banks across the U.S. that customers' card data, including their expiration dates, encrypted PINs and security-verification codes, had been stolen. But not all the details added up.
According to security researcher Brian Krebs, who broke the story, Visa and MasterCard said the Global Payments breach occurred between Jan. 21 and Feb. 25, but Global Payments said it detected the breach in "early March."
Also, the credit-card companies said enough confidential information was taken to counterfeit new cards, but Global Payments said cardholder names, addresses and Social Security numbers were "not obtained by the criminals."
The Associated Press reported that the issue is still "murky," because Global Payments has yet to identify the merchants and banks affected by the data breach, or estimate how many people may be at risk for identity theft.
Global Payments CEO Paul Garcia said in a conference call Tuesday that "this incident is contained."
Garcia and other executives stressed that Global Payments was providing as much information as it could without jeopardizing its own investigation and a concurrent federal law-enforcement investigation.