Data Leaks: US Processor Impacted by a Security Breach
- Visa, MasterCard and Discover have warned banks of a possible data breach likely to have put over 10 million card numbers at risk (this figure remains uncertain). The large-scale security breach occurred between 21 January and 25 February 2012 at an US-based processor. At first, no name had been disclosed. It would however appear that Global Payments could be more directly concerned but doubts remain. This processor confirmed in a press release it discovered an unauthorised access of its processing system in early March.
- According to the main card networks, the retrieved data could be used to manufacture counterfeited cards. MasterCard confirmed having informed all relevant authorities. In addition to banks’ internal verifications, an official investigation is under way.
- According to Avivah Litan, VP and analyst at Gartner, this breach may involve a New York-based taxi and parking garage company. Also, Krebs on Security explains it could be linked to New York City Dominican street gangs and would mainly be affecting commercial cards.
Source: The New York Times
- International networks are insisting on the absence of breach in their respective systems. Visa reminds the availability of its zero liability protection programme, and that any such incident at a processor could compromise all main networks’ card data.
- Very soon, this disclosure impacted Global Payments stocks (-9%) before trading was halted on Friday 30 March.
- Several processors, including Heartland, VeriFone Systems and First Data have subsequently denied responsibility for this potential breach.
- These incidents also remind us of previously debated cases: attack against Citigroup in June 2011 on 200,000 North American card numbers, attack against Heartland (end 2008, disclosed beginning 2009) and associated legal proceedings, case of TJX Companies in 2007 (see May 2010 Insight).