The personal data of thousands of customers — from all major credit card brands — has been leaked from a third-party processing company.
The massive leak was first reported by the security news blog Krebs on Security
According to a follow-up story from The Wall Street Journal, the breach came from the Atlanta-based payment processing firm Global Payments, not from a credit card company. Global Payments works with debit cards, credit cards and gift cards.
The Wall Street Journal’s report suggests the possible window for the breach was between Jan. 21 and Feb. 25.
So far, there are no indications that any customers have experienced fraudulent transactions on their accounts.
MasterCard said it was investigating the breach, and that its core network was not hacked.
“MasterCard is currently investigating a potential account data compromise event of a U.S.-based entity,” MasterCard said in a statement. “As a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk. It is important to note that MasterCard’s own systems have not been compromised in any manner.”
MasterCard added that it has notified law enforcement of the breach and an “ongoing forensic review” has been launched.
Visa also acknowledged a “data compromise” of an outside company, but said there was no breach of Visa’s own network.
“Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands,” Visa said in a statement. “There has been no breach of Visa systems, including its core processing network VisaNet. Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards.”
Neither Visa nor MasterCard issue their own credit cards. Instead, they process transactions made on cards issued by banks and other financial institutions.
Posted via email from Don Peer
