Data from up to 1.5 million credit and debit cards from all major card brands, including MasterCard, Visa and Discover, may have been stolen in a data breach at processing firm Global Payments Inc.
But so far, the company does not know of any fraudulent transactions on infiltrated accounts, said Chief Executive Paul R. Garcia in a conference call with analysts on Monday. The hack was confined to North America, he said.
And while card numbers may have been swiped, the company said in a statement late Sunday that cardholder names, addresses and Social Security numbers are safe.
“It is crucial to understand that this incident does not involve our merchants or their relationships with their customers,” Garcia said, adding that the event was the company’s first run-in with a security breach.
On Friday, Visa and MasterCard warned of a possible intrusion into cardholder accounts — a break-in that Global Payments confirmed later in the day. The company said it discovered the problem about three weeks ago at “a handful of servers” and immediately informed its processing partners.
Visa Inc. has since removed Global Payments from a registry of partners who meet data security standards, though the company continues to process Visa transactions. MasterCard posted tips for customers to protect their personal data.
Both said last week that their own systems were not compromised. The U.S. Census Bureau estimates that, this year, nearly 1.2 billion credit cards and 530 million debit cards will be in circulation throughout the country.
Global Payments said it now has “multiple information security and forensics firms,” as well as about 100 of its 4,000 employees, now investigating the issue. Consumers should continue to review their statements for suspicious activity, which Global Payments said should be reported to the card issuer.
The company also launched a website for consumer questions at http:///www.2012infosecurityupdate.com.
The situation, Garcia said, is “going to be a little distracting” and will “mean that some hours we could have spent on product innovation” will be pushed off. More of the budget will be dedicated to boosting security.
“ ‘Business as usual’ sounds a little trite, but we’re trying to make that just exactly what it is — business as usual,” he said.
Also on Monday, Global Payments reported its earnings for the third quarter, which ended Feb. 29. Revenue grew 17 percent to $533.5 million from $456.4 million in the year-earlier period. Income was up 21 percent to $57.9 million, or 73 cents a share, from $47.8 million, or 59 cents a share.
Executives refused to estimate how much the security hack would affect future earnings.
Source: MCT Information Services