DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Global Payments confirms data breach (Update 2)

Posted on March 30, 2012 by Dissent

After being named by the Wall Street Journal earlier today, Global Payments Inc. has issued a press release about the breach reported earlier today by Brian Krebs:

Global Payments Inc, a leader in payment processing services, announced it identified and self-reported unauthorized access into a portion of its processing system. In early March 2012, the company determined card data may have been accessed. It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potential cardholder impact. The company is continuing its investigation into this matter.

“It is reassuring that our security processes detected an intrusion. It is crucial to understand that this incident does not involve our merchants or their relationships with their customers,” said Chairman and CEO Paul R. Garcia.

Global Payments will hold a conference call Monday, April 2, 2012 at 8:00 AM EDT.

[…]

And that’s all they wrote in the way of details. For now, anyway.

Update 1: John Ribeiro reports late Sunday night, Global Payments stated that up to 1.5 million accounts’ information may have been “exported.”  Names and addresses  were not involved. Not surprisingly, and as it has done in the past with others, Visa dropped them from the list of compliant service providers until they get re-certified as PCI DSS compliant.  Global is holding a conference call this morning so there may be additional updates then.  Their updated press statement from Sunday can be found here.

Update 2:  In the conference call this morning, Global Payments firmly denied that it had had any previous breach (which had been reported by the New York Times, who attributed the allegation to “two individuals briefed on the investigations who spoke on condition of anonymity because they were not authorized to speak publicly.”).   In discussing the breach, Paul Garcia, Chairman and CEO of Global Payments, noted that a lot of information that had been floating around about the breach was unhelpful and “incredibly inaccurate.” Other than denying the specific allegation that this was not their first breach, they did not give specifics on what other rumors were inaccurate.

A few other details came out in the conference call, including that the breach involved only a “handful” of their servers in their North American system.   Details of the attack were not disclosed as it is still under investigation by both forensics teams and criminal investigators but only Track 2 data were involved, and the firm is fairly confident in its 1.5 million estimate for number affected.  They say they are not aware of any fraudulent transactions as a result of the breach but have set up a web site that will go live at some point today to assist consumers: www.2012infosecurityupdate.com.  At this point, the firm believes the breach has been contained and that any costs they may incur will be manageable.

Related posts:

  • Protect Good Faith Security Research Globally in Proposed UN Cybercrime Treaty
Category: Breach IncidentsFinancial SectorHackOf NoteU.S.

Post navigation

← Sources: Global Payments breached – Wall Street Journal
militarysingles.com hacked and large amount of data leaked →

2 thoughts on “Global Payments confirms data breach (Update 2)”

  1. Merchant Account says:
    April 4, 2012 at 4:43 pm

    From what we know, the Global Payments hackers may have managed to gain access to Track 2 data, which includes the account number, the card’s expiration date and some other pieces of data, but not the cardholder’s name, address, SSN and the card security code. So cardholders should now be on a high alert for phishing attacks, which may be employed by the criminals as a way to obtain the missing data. Of course, that depends on the hackers having obtained their victims’ email addresses, which we don’t know.

    1. admin says:
      April 5, 2012 at 12:07 pm

      No indication of any e-mail addresses. And I wouldn’t expect there to be in a routine card transaction.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.