Newsroom
April 02, 2012
Data breach affects 1.5 million
April 2, 2012 – A data breach at Global Payments Inc., a third-party processor serving Visa, MasterCard, American Express and Discover, involved the theft of account numbers and other information from as many as 1.5 million accounts in North America, reports said.
Global released the estimated impact in a statement Sunday, two days after reports surfaced in wire news stories. In its statement, Global said the breach involved "Track 2" data, which doesn't include cardholder names, addresses or Social Security numbers.
Reports estimated that the breach occurred in January and February.
"The company continues to work with industry third parties, regulators and law enforcement to assist in the efforts to minimize potential cardholder impact," the firm said in its statement.
A Wall Street Journal article reported Sunday that Visa had removed the firm from its list of "compliant" processors and asked that it provide new information showing it is up to standard before it is put back on it. The New York Times followed later with details from the Global statement.
Early reports Friday said MasterCard and Visa reported having notified financial institutions about the breach. Discover was monitoring accounts for suspicious activity and would reissue cards as appropriate, the reports said.
Lawmakers are looking at issues surrounding data security, including data protection standards and practices following a data breach. NAFCU continues to seek enactment of comprehensive data security legislation that would ensure nondepository firms are held to data protection rules and standards and are required to disclose breaches when they occur.
Global released the estimated impact in a statement Sunday, two days after reports surfaced in wire news stories. In its statement, Global said the breach involved "Track 2" data, which doesn't include cardholder names, addresses or Social Security numbers.
Reports estimated that the breach occurred in January and February.
"The company continues to work with industry third parties, regulators and law enforcement to assist in the efforts to minimize potential cardholder impact," the firm said in its statement.
A Wall Street Journal article reported Sunday that Visa had removed the firm from its list of "compliant" processors and asked that it provide new information showing it is up to standard before it is put back on it. The New York Times followed later with details from the Global statement.
Early reports Friday said MasterCard and Visa reported having notified financial institutions about the breach. Discover was monitoring accounts for suspicious activity and would reissue cards as appropriate, the reports said.
Lawmakers are looking at issues surrounding data security, including data protection standards and practices following a data breach. NAFCU continues to seek enactment of comprehensive data security legislation that would ensure nondepository firms are held to data protection rules and standards and are required to disclose breaches when they occur.
Share This
Related Resources
Data Privacy Issue Brief
Whitepapers
Data Privacy Issue Brief
Whitepapers
NAFCU Data Privacy Principles
Whitepapers
Compliance Monitor - August 2018
Newsletter
Get daily updates.
Subscribe to NAFCU today.