Data Leaks: Global Payments Again Impacted
- The US-based processor Global Payments has had to face new attacks and, according to their release, the new penetrations might have enabled the retrieval of merchant account creation-related data. This announcement insists on the exceptional character of these kinds of attacks.
- Also, however an intrusion has been detected and publicly acknowledged, according to Global Payments it is unsure whether the attackers looked at this information: it might not even have left the system. Considering this turmoil, they uphold that any affected applicants would benefit from a free credit-report and one million in identity-protection insurance. The precise nature of the data at risk has not been disclosed, yet, judging by the extensiveness of applications files for payment card acceptance, it could be rather comprehensive.
Source: Global Payments’ press release
- This announcement comes right after the processor’s disclosures last March regarding a security breach likely to have impacted 1.5 million mag-stripe cards and related issuing data (this figure remains unclear, and could be reassessed up). In this case, according to Global Payments, cardholders’ names and social security numbers were not concerned yet, for more security, a larger number of card data would have been provider to the issuers for control.
- Considering these incidents, Global Payments has been removed from the international card schemes’ lists (see April 2012 Insight) and now works towards regaining its status as PCI-compliant processor, however no date has been set for its Report on Compliance. In this effort to rise back up the processor has hired a dedicated QSA.
- The financial losses derived from these intrusions have not been disclosed either, but the impact on the company’s image is undeniable. Visa or MasterCard might as well impose stiff fines. These issues could be clarified end July when the company will announce its annual results.
- We should also note that according to a recent report released by Guardian Analytics and McAfee, Dissecting Operation High Roller, several attacks would have impacted about 60 financial institutions and other credit organisations since the beginning of the year; fraudsters would have attempted to transfer from 60 million to 2 billion euros, which emphasises the current level of risk.