Word got out on Friday that Visa and MasterCard had begun notifying card issuers about a data security breach at a U.S.-based merchant acquirer processor. The blog that leaked the news, Krebs on Security, was flooded with web traffic within minutes of announcing the breach investigation. By early afternoon, trading of GPN shares was halted on the New York Stock Exchange. By the end of the day, the name of the breached processor was front page news on Bloomberg, Reuters, Forbes, and several other online news outlets. At that point, Global Payments officially disclosed the breach in a press release. Sunday saw Global removed from Visa’s list of PCI-DSS compliant service providers. This morning, Global Payments held a conference call to officially address the scope of the breach, which they said exposed Track 2 data of an estimated 1.5 million card accounts.
Global Payments chief executive Paul Garcia is quoted in the company’s statement as saying that “We are making rapid progress toward bringing this issue to a close,” and emphasized that all major brands of cards still allow Global Payments to act as a payment processor.
While 1.5 million breached cards is by no means good news, it’s far better than might be expected for a breach of a payment card processor, which act as middlemen between retailers and banks, and thus often have access to massive collections of sensitive card data. In 2005 criminals compromised close to 40 million accounts of the processor firm CardSystems, and in 2009, hackers stole a collection of credit cards estimated at well over 100 million from Heartland Payment Systems, an unprecedented megabreach that eventually cost that processor close to $140 million.
Click here to read more from Forbes.com.