Credit card data breach contained, says Global Payments

Selection of credit cards The breach exposed credit card details but not names or addresses

Related Stories

A data breach that may have exposed as many as 1.5 million credit card accounts has been "absolutely contained", according to the firm behind the leak.

Global Payments processes payments for firms such as Visa, Mastercard and American Express.

It admitted that thieves had accessed card account numbers, expiration data and security codes.

This prompted Visa to drop the US firm from its list of approved vendors.

The firm's share price also fell.

The breach was first revealed on Friday when Visa and Mastercard notified issuers of its credit cards of the breach. On Monday, American Express said it was still determining the extent to which its card member data may have been affected, and Discover Financial Services said it would reissue cards as appropriate.

Website help

Over the weekend, Global Payments said the thieves had exported the stolen information but stressed that they did not have customer names, addresses or Social Security numbers.

The company said it would work with regulators, industry third parties and law enforcement agencies to help minimise any impact to credit cardholders.

It has set up a website to help cardholders although it has not provided the names of stores or banks that were affected by the breach. The company's share price fell more than 3% on Monday, following a 9% drop on Friday.

Besides processing cards in the US, Global Payments provides its services to government agencies, businesses and others in Canada, Europe and the Asia-Pacific region.

Global Payments Chief Executive Paul Garcia has pledged to spend more on security.

However, he told the Wall Street Journal that he was not surprised that Visa had struck his firm off its list of approved payment processors.

"It wouldn't be unexpected for Mastercard to take similar action," he added.

Spear phishing

Security firms warned that hackers could use the information they took to mine more personal data.

This is used in so-called spear phishing attacks, in which highly targeted fake emails are sent to people mimicking a message from their real bank and asking them to hand over personal information.

A number of security breaches have taken place in the last couple of years.

Last June, hackers stole information for 360,000 credit card accounts at Citigroup. In the past year, there have been high-profile data attacks against the International Monetary Fund, Google and Sony's PlayStation Network.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories



  • Alana Saarinen at pianoMum, Dad and Mum

    The girl with three biological parents

  • Polish and British flags alongside British roadsideWar debt

    Does the UK still feel a sense of obligation towards Poles?

  • Islamic State fighters parade in Raqqa, Syria (30 June 2014)Who backs IS?

    Where Islamic State finds support to become a formidable force

  • Bride and groom-to-be photographed underwaterWetted bliss

    Chinese couples told to smile, but please hold your breath

  • A ship is dismantled for scrap in the port city of Chittagong, BangladeshDangerous work

    Bangladesh's ship breakers face economic challenge

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.