Brian Krebs reports:
VISA and MasterCard are alerting banks across the country about a recent major breach at a U.S.-based credit card processor. Sources in the financial sector are calling the breach “massive,” and say it may involve more than 10 million compromised card numbers.
Read more on KrebsonSecurity. As always, Brian is all over this story and has gotten some leads from sources and interviews:
Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area.
Ever since Heartland’s breach, numerous breach reports in the media have (erroneously) mentioned a payment processor. This time, it sounds like we really do have another processor breach. Brian reports that “PSCU — a provider of online financial services to credit unions — said it alerted 482 credit unions that appear to have had cards impacted by the breach.”
ELGA , a credit union in Michigan, was one of the credit unions that received notification, although it’s not clear whether they were notified by PSCU or by VISA or MasterCard; 450 of their members were reportedly affected.