Global Payments breach occurred months before original estimates

Hackers may have had access to Global Payments’ database as far back as June 2011, according to alerts sent to Visa and MasterCard customers
Hackers may have had access to Global Payments’ database as far back as June 2011, according to alerts sent to Visa and MasterCard customers

Global Payments admitted in late March that around 1.5 million credit card numbers may be been stolen in a massive data breach. Original estimates were reported at 50,000 stolen numbers.

Now it appears that the hackers had access to Global Payments’ database as far back as June 2011, according to alerts sent to Visa and MasterCard customers obtained by security researcher Brian Krebs. The companies had originally estimated that the breach occurred in Janaury 2012, according to Krebs.

In an April 4 letter to Sen. Robert Casey (D-Pa.), Paul Garcia, chairman and chief executive officer, said that the company first discovered the breach on March 8. “We have worked as hard as we can since March 8 to try to do everything right in response to this incident”, Garcia said.

On its website, Global Payments continues to be uninformative. In a May 1 update, the company said that it would be “premature and inappropriate for us to speak to or confirm any timeframes until the investigation is complete. We identified and self-reported this incident in early March, and we will continue to provide information to the appropriate parties as revealed by the investigation.”
 

What’s Hot on Infosecurity Magazine?