Global Payments Hackers May Have Accessed Merchants' Personal Data
The company says its investigation found 'potential unauthorized access to personal information.'
Global Payments recently published an update on its investigation into a massive security breach earlier this year, noting that it had uncovered "potential unauthorized access to personal information collected from a subset of merchant applicants."
"On the Web site dedicated to the incident, Global Payments also [published] a frequently asked questions (FAQ) section, but they don’t really provide many details," writes Softpedia's Eduard Kovacs. "They highlight the fact that the incident is believed to be contained, and that names, addresses and social security numbers have not been exposed. However, they fail to precisely reveal what type of information is in the record sets that may have been looked at or stolen by the attackers."
"Affected individuals will be offered free credit monitoring services and identity protection insurance of $1 million. The three U.S. major credit reporting agencies have also been advised about the incident, [CEO Paul] Garcia said," writes Computerworld's Lucian Constantin. "Garcia declined to share an exact number of individuals potentially affected by the unauthorized access to servers that contained merchant data, citing an ongoing process of analyzing that information."
"It isn't yet clear what kind of impact the breach may have had on cardholders," writes The Wall Street Journal's Robin Sidel. "Banks and merchants have linked few suspicious transactions to the incident so far. Still, the breach prompted Visa and MasterCard to remove Global Payments from their lists of third-party vendors that comply with industry security standards."
"Global Payments now said it aims to revalidate its PCI compliance status once it has finished investigating the breach and will look to get reinstated at that point," writes V3.co.uk's Gareth Morgan.