MasterCard and Visa are warning banks about a possible breach at a credit card processor, according to a report from Krebsonsecurity.com.
Update, 4:45 pm: Atlanta based processor Global Payments just confirmed the breach via press release. Their full statement is below:
“Global Payments Inc. (NYSE: GPN), a leader in payment processing services, announced it identified and self-reported unauthorized access into a portion of its processing system. In early March 2012, the company determined card data may have been accessed. It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potential cardholder impact. The company is continuing its investigation into this matter.
“It is reassuring that our security processes detected an intrusion. It is crucial to understand that this incident does not involve our merchants or their relationships with their customers,” said Chairman and CEO Paul R. Garcia.
Visa and Mastercard are alerting banks about a breach at a U.S. based card processor that occurred between late January and late February, 2012. The exact size of the breach is unknown, but may involve more than 10 million compromised cards.
According to Krebs, it’s not clear how many cards were breached in the processor attack, but a sampling from one corner of the industry provides some perspective. The data stolen may include full Track 1 and Track 2 information, which would make it easy for criminals to create counterfeit cards using the stolen data. On Wednesday, PSCU — a provider of online financial services to credit unions — said it alerted 482 credit unions that appear to have had cards impacted by the breach, and that a total of 56,455 member VISA and MasterCard accounts were compromised. PSCU said fraudulent activity had been detected on a relatively small number of those cards — 876 accounts — and that the activity was geographically dispersed.
This could be BIG, folks! Sophisticated hackers have targeted credit card processors before, one major example being the attack on Heartland Payment Systems in 2009 (I was personally a victim), which turned out to be one of the largest credit card compromises in history.
As always, stay safe, stay alert and keep a close eye on your credit card statements!!!
Update, 12:45 pm: The Wall Street Journal is reporting that the breached processor was Global Payments Inc., which processes credit and debit cards for banks and merchants.
Also, according to Krebsonsecurity.com, law enforcement investigators believe that this breach may be somehow connected to Dominican street gangs in and around New York City. This comes from two reliable sources.
Gartner fraud analyst Avivah Litan adds a bit more perspective to this story, saying the people she is talking to with knowledge of the situation say they are “seeing signs of the breach mushroom.”