Payment processor suffers data breach that exposes 50,000 credit card numbers

One estimate puts the breach as high as 10 million card numbers
One estimate puts the breach as high as 10 million card numbers

The full extent of the breach has not be determined, but MasterCard and Visa alerted their card-issuing bank customers about the breach, the newspaper reported.

Both MasterCard and Visa stressed that their systems were not breached, but declined to comment on how many card had been compromised.

“MasterCard has alerted payment card issuers (the banks) regarding accounts that are potentially at risk. And as we’ve stated in the press, MasterCard’s own systems have not been compromised”, according to a MasterCard blog.

“There has been no breach of Visa systems, including its core processing network VisaNet.Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards”, Visa said in a statement.

Brian Krebs, who first broke the story although without the name of the breached processor, put the estimate as high as 10 million card numbers, based on discussions with financial sources.

Avivah Litan, an analyst with Gartner, said her sources were telling her that they are “seeing signs of this breach mushroom.”

Whatever the final number, this is not good news for Global Payments or the credit cards companies. Bloomberg reported that trading was halted Friday in New York on Global Payments' stock.

Commenting on the breach, Neil Roiter, research director at Corero Network Security, said that credit card information continues to be vulnerable despite the widespread adoption of Payment Card Industry Data Security Standard (PCI DSS) rules. PCI DSS is “highly prescriptive in nature, but simply complying does not ensure credit card security. Companies that rely on PCI DSS to solely dictate their security measures will continue to remain vulnerable to attack", he said.

Mike Potts, CEO of Lancope, commented that the breach “serves as yet another reminder that conventional security solutions are fallible. The perimeter based approach is not sufficient and fails to protect critical data and internal resources that bypass these point solutions.”

What’s Hot on Infosecurity Magazine?