Thursday, June 14, 2012
The vulnerable information – which the company has not confirmed was accessed – contains names, addresses, Social Security numbers, drivers license numbers and bank account numbers from merchant applications.
Garcia revealed the potential vulnerability in a conference call held June 12, 2012, to provide an update on the company's continuing investigation of the breach. He stressed during the call that "it is unclear whether the intruders looked at or took any personal information from the company's computer," but when forensic analysis revealed the data vulnerability, Global Payments decided to reveal the possible compromise.
Garcia stated he doesn't believe the thieves even looked at the file containing the sensitive information "much less took any data," but the company decided best practices compel it to contact anyone potentially impacted by a breach of the merchant accounts. "We are going to properly address the situation and try to do the right thing for all the companies involved," he said.
"We sincerely apologize for this incident and are working diligently to conclude our investigation," Garcia said. "We are committed to fully resolve any issues arising from this matter." The company is offering at-risk merchants credit monitoring and $1 million in identity protection insurance at no cost.
Global Payments anticipates it will have additional costs to bear as a result of the breach, but those costs "are manageable," Garcia said. He stated the expense will not interfere with the company's growth and that the breach's financial impact will be discussed further in the next update call scheduled for July 26, 2012.
Garcia said Global Payments can confirm that only track 2 card data (consisting of primary account number, expiration date and service code) was stolen from fewer than 1.5 million accounts. The CEO also noted the breach did not involve its customers at the POS level, so merchants do not have to make any POS changes to process secure transactions through Global Payments.
Garcia reported that the company hired a qualified security assessor to do an independent review of the company's Payment Card Industry (PCI) Data Security Standard (DSS) compliance. Garcia promised that when the review is complete, and remediation is concluded, Global Payments will work with the card networks to get the company back on the networks' list of PCI DSS-compliant service providers.
"Our confidence level is growing every day," he said. "We feel like we are getting to the end of this."
Global Payments is posting investigation updates at www.2012infosecurityupdate.com .
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
