BankInfoSecurity's Tracy Kitten reports that recent alerts from Visa and MasterCard indicate that a recently-disclosed security breach at Global Payments Inc. actually dates back to January 2011, far earlier than was initially reported.
"Global has maintained that it notified the affected card brands in early March as soon as it identified the breach," Kitten writes. "But Global has offered no precise information about the breach timeline and indicated on May 14 that it had no comment beyond what was already posted on its website."
"Initial reports suggested that more than 10 million card accounts were compromised in the breach, yet Global insists fewer than 1.5 million were taken," writes Krebs on Security's Brian Krebs. "Recent reports by The Wall Street Journal put that figure closer to 7 million stolen card accounts."
"The successful attack on Global Payments has damaged the company's reputation with Visa, MasterCard, and other debit and credit card issuers," writes Midsize Insider's Richard Janezic. "It has cut the value of the company, and has caused the company untold expense in investigations, repairs, revalidation, recertification, and negative press."
"Transparency and full disclosure, within the bounds of investigation reasonableness, is important when beaches occur," BankInfoSecurity's Kitten writes in a separate article. "But I don't think we're anywhere close to understanding the impact of this breach. And, sadly, it appears that we won't be able to rely on Global to tell us. A proactive approach would have benefitted Global. But the experience should serve as an example for other processors and institutions. The lesson: Being prepared, with detailed post-breach communications plans, can salvage reputation and reinforce consumer confidence."