Hackers Breach Credit Card Processor; 50K Cards Compromised

Photo: Jim Merithew/Wired.com

Global Payments Inc, an Atlanta-based payments processor, has been broken into by hackers, leaving more than 50,000 card accounts potentially compromised, according to news reports.

The breach occurred sometime between Jan. 21 and Feb. 25, according to notices that Visa and MasterCard sent to banks recently. The extent of the breach and damages are still unknown, but it appears to be rather small based on initial reports from the Wall Street Journal and elsewhere.

A notice sent by credit union service organization PSCU to its customers indicated that Visa alerted it on Mar. 23 that 46,194 Visa accounts might have been compromised. But that number was downgraded to just 26,000 after eliminating duplicate account numbers and cards with invalid expiration dates, according to the Journal.

Only about 800 accounts are known to have had fraudulent activity on them so far, according to security blogger Brian Krebs, who broke the story and reported that both Track 1 and Track 2 data had been taken, making it easy for criminals to clone the cards and use them for fraudulent activity. The number of accounts showing fraudulent activity could rise, however, as the investigation continues. Krebs reports that sources in the financial industry have told him that possibly as many as 10 million cards may turn out to have been at risk of compromise in the breach.

The last big breach of card processors was in 2008 against Heartland Payment Systems, which resulted in more than 100 million cards potentially compromised.

Hacker Albert Gonzalez was sentenced in March 2010 to an unprecedented 20 years in prison for his role in connection to that breach.