A
data breach that may have exposed as many as 1.5 million credit card
accounts has been "absolutely contained", according to the firm behind
the leak.
Global Payments processes payments for firms such as Visa, Mastercard and American Express.
It admitted that thieves had accessed card account numbers, expiration data and security codes.
This prompted Visa to drop the US firm from its list of approved vendors.
The firm's share price also fell.
The
breach was first revealed on Friday when Visa and Mastercard notified
issuers of its credit cards of the breach. On Monday, American Express
said it was still determining the extent to which its card member data
may have been affected, and Discover Financial Services said it would
reissue cards as appropriate.
Website help
Over
the weekend, Global Payments said the thieves had exported the stolen
information but stressed that they did not have customer names,
addresses or Social Security numbers.
The
company said it would work with regulators, industry third parties and
law enforcement agencies to help minimise any impact to credit
cardholders.
It has set up a website to
help cardholders although it has not provided the names of stores or
banks that were affected by the breach. The company's share price fell
more than 3% on Monday, following a 9% drop on Friday.
Besides
processing cards in the US, Global Payments provides its services to
government agencies, businesses and others in Canada, Europe and the
Asia-Pacific region.
Global Payments Chief Executive Paul Garcia has pledged to spend more on security.
However, he told the Wall Street Journal that he was not surprised that Visa had struck his firm off its list of approved payment processors.
"It wouldn't be unexpected for Mastercard to take similar action," he added.
Spear phishing
Security firms warned that hackers could use the information they took to mine more personal data.
This
is used in so-called spear phishing attacks, in which highly targeted
fake emails are sent to people mimicking a message from their real bank
and asking them to hand over personal information.
A number of security breaches have taken place in the last couple of years.
Last
June, hackers stole information for 360,000 credit card accounts at
Citigroup. In the past year, there have been high-profile data attacks
against the International Monetary Fund, Google and Sony's PlayStation
Network.
No comments:
Post a Comment