Global Payments Inc Data Breach (Part 1 of 2)

Jorge Flores

You thought 2011 was the "Year of the Data Breach"?

Think again.

The Global Payments Inc data breach puts 2012 on the map in a BIG way.

So big, actually, that I had to break up this blog into a 2-part series to adequately cover all of the details.

In what has already become a solid runner-up for another “Year of the Data Breach” award, 2012 continues to deliver on the cyber crime front. Atlanta-based Global Payments Inc, one of the largest payment processors responsible for the transactions of more than 1 million merchant and business locations around the globe, has been breached. The official breach disclosure was self-reported on March 30^th by Global Payments and confirmed shortly thereafter by major card brands MasterCard and Visa. Many believe the disclosure was triggered in part by a report released earlier in the day by security expert Brian Krebs. This report disseminated information from Visa and MasterCard about a then-undisclosed payment processor that may have been breached. This breach incident could potentially affect millions of payment card accounts spanning across every major card brand distributed by any major bank or credit union.

The exact details surrounding the incident and consequences are vast and convoluted. According to the original breach report by Krebs, more than 10 million accounts could have been affected; with fraudulent activity from 800+ accounts being the original source of the investigation from MasterCard and Visa. This information included Track 1 and Track 2 data. To be clear, “Track 1” data generally refers to the information on the front of the payment card (cardholder identifying information: name, address, etc.) and “Track 2” data refers to the information on the back of the card (account identifying information: account #, CCV2, etc).

Global Payments entertained questions by investors in regards to the details of this data breach on an April 2^nd conference call. I was able to locate a transcript of the conference call so I will be combing through it this week. With all of the contrasting information circulating around the Internet regarding this data breach it will be interesting to dive into what Global Payments deems the official numbers and details stemming from their ongoing forensic investigation. Stay tuned to next week's blog for an in-depth analysis including commentary from Paul Garcia, Chairman & CEO of Global Payments Inc.

 

Sources:

http://abcnews.go.com/Business/questions-answers-security-breach-acknowledged/story?id=16054236

http://www.bankinfosecurity.com/articles.php?art_id=4655

http://content.usatoday.com/communities/technologylive/post/2012/03/merchants-on-hook-for-global-payments-breach/1#.T4MTTtUf7zM