Global Payments Breach in 2011; New Visa, MasterCard alerts
New information regarding a data breach at credit card processor Global Payments now suggests that the event began in 2011, months earlier than initially reported. Security researcher Brian Krebs reported on his KrebsonSecurity website that new details are emerging that change the dates and magnitude of the intrusion. Global Payments, headquartered in Atlanta, performs transaction processing of debit and credit cards, including MasterCard- and Visa-branded cards. The company was ranked as one of the top card processors in 2011, handling over $100 billion in transaction volume.
Initial reports were that the card numbers and other sensitive information of as many as 10 million debit and credit cards were involved. Reports from ongoing internal investigations by the company have since reduced that number to fewer than 2 million cards, according to a statement on a Global Payments-owned website.
But the suspected dates of the intrusion by hackers have changed. The initial intrusion was believed to have been limited to a period from January 21 through February 25, 2012. MasterCard and Visa have since issued seven subsequent alerts regarding the intrusion, with each new alert containing an earlier time frame for the beginning of the intrusion. The most recent alert now indicates that the breach was believed to have begun as early as June, 2011.
MasterCard and Visa have issued statements that their internal systems were at no time compromised by the Global Payment intrusion. Cardholders are typically protected against fraudulent purchases, but they are advised to review account activity and report any unusual or suspicious activity to their financial institution.
IT Lessons and Insights From the Global Payments Breach
The news revealing that the intrusion began much earlier than first reported highlight the importance and value of security. Sophisticated new hacking methods, including so-called "low and slow" types of attacks that may have been used on Global Payments, are difficult to detect and defend against using traditional measures. These attacks underscore the need for high-quality security teams, tools, and tactics to help protect organizations.
The damage from such attacks and intrusions underscore the challenges and risks for both company executives and IT workers. The impact to the company has been significant. Since the first reports of the intrusion, the company has been removed from the approved vendor lists of several credit card payment networks, according to a NASDAQ report.
Global Payments and its IT and security teams are working to revalidate systems and processes to meet Payment Card Industry (PCI) standards. PCI is a data security compliance program required by MasterCard, Visa, and other large debit and credit card companies to help protect against loss from fraud or theft.
The costs and distractions of the ongoing investigation and revalidation activities have not been reported, but they are sure to be significant and necessary.
The Global Payments story provides a strong example demonstrating that having strong security systems and practices in place to avoid such intrustions is quite valuable when compared with the costs of regaining the trust and business lost from security intrusions.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.