Hackers swiped the financial data of thousands of people in a security breach earlier this year, according to reports by Brian Krebs and The Wall Street Journal. Global Payments Inc., an Atlanta-based processing firm that serves as a middleman between merchants and banks, discovered shady activity in early March, though the break-in is suspected to have occurred between January 21 and February 25.
Global Payments quietly alerted others in the financial industry last week, but it seems to have delayed public acknowledgment until word trickled out this morning. The outfit may have wanted to break the news after its quarterly earnings statement on April 4. Its late afternoon press release is scarce on details, but the company is expected to share more information in a conference call on Monday at 8:00AM EDT.
It's unclear what was swiped and how many people are affected. PSCU, a provider of online financial services to credit unions, warned 482 of its clients that 56,455 Visa and MasterCard accounts were compromised, with 876 accounts showing fraudulent activity. That's only a snapshot of the potential damage, according to Krebs. The WSJ reports that hundreds of thousands of cardholders may be at risk.
Avivah Litan, a veteran Gartner analyst specializing in financial fraud, spoke with folks in the credit card industry who are seeing signs of the breach's impact. Litan's sources also claim that the crime was committed by a Central American gang who infiltrated Global Payments' system by correctly answering authentication questions on a poorly secured administrative account. Again, this information is unconfirmed.
Visa and MasterCard promptly announced that their networks weren't compromised. Along with various ongoing internal investigations, the US Secret Service and an unnamed forensic company are looking into the case. Credit firms are monitoring accounts for unusual activity and depending on the severity of the situation, they may issue new cards. Keep an eye on your financial statements in the meantime.