The Official Merchant Services Blog follows up its extensive coverage of the Global Payments Data Breach today. The news of this data breach hit on Friday March 30. At first there were reports that a mere 50,000 cards were compromised. Then the media upped the number to 10,000,000. Then Global Payments released its own statement to the media reporting that the number was closer to 1.5 million cards.
Phishing Scams Alert
The first update comes from this Credit Union Times Article: “CUNA Mutual Group has sent a risk alert to its bonded credit unions urging them to warn members about possible phishing attempts in the wake of the data security breach at Global Payments Inc.”
The article reviews the steps that Global revealed it took in response to the data breach. The payment processor said it immediately engaged external experts in information technology forensics and contacted federal law enforcement and then Global stated promptly notified appropriate industry parties to allow them to minimize potential cardholder impact. Global admitted 1.5 million cards were compromised but the company called the breach “contained.”
The alert issued by CUNA however focused on the follow through that scam artists and hackers may attempt on the information that was compromised. It pointed out that criminals may launch a campaign of their own to obtain the additional data such as billing addresses, three digit security codes and passwords through fraudulent means. So the alert warns consumers to be wary of emails, text messages or phone calls requesting this type of information. And the alert tells consumers to report any suspicious activity involving that information.
So the breach may be contained, but the risk is still out there according to CUNA.
Verizon Releases Data Breach Report
The 2012 Data Breach Investigations Report has been released by Verizon.
As with previous reports, the 2012 report aims to understand the underlying issues of major data breaches. This year’s report has been supplemented with contributions from law enforcement agencies in order to increase the awareness of global cybercrime. To that end, the report also looks at breaches from 22 additional countries over the previous year. The 2012 report looks at 855 confirmed security breaches that affected 174 compromised records in 36 countries around the world. A quick big picture statistic: The 8 years of reports now includes over one billion compromised records from 2500+ breaches.
Visa, MasterCard Investigate
Building off of the statements from Global regarding its reaction to the breach, comes this story from Vanguard, citing Visa and MasterCard’s continuing investigation of the breach. The story, filed April 11, states that Visa and MasterCard are investigating whether a data security breach at one of the main companies that processes transactions improperly exposed private customer information.
The key information in the article levies some indirect criticism of Global and raises some concern about the data breach that is in direct contradiction to Global’s statements about it being contained. Citing an anonymous bank official, the article says:
“The incident has opened a crucial vulnerability that could affect millions of credit card holders. The bank official, who insisted on anonymity because the inquiry is at an early stage, said that Visa and MasterCard notified his company on Thursday, but that banks had been frustrated with the pace of disclosure by Global Payments.
He said that Global Payments, which is one of the biggest transactions processors, had provided little information on where the breaches took place, how accounts were hacked and other details that could indicate which customers might be vulnerable. Banks said that when they could identify victims, they would notify them and replace credit cards, if necessary.”
And now the general texture of the data breach, as reported by Newsweek here, seems to be that confidence is shaken and security issues are a huge concern.
The article states that “experts say that the break-in is a big deal and could nudge us closer to a federal breach-disclosure law. Avivah Litan, a security analyst for consulting firm Gartner, says Global Payments is one of the largest payment processors in the country and that the breach is just the latest in a string of credit-card-security failures that have plagued corporate America. “
The article quotes Beth Givens, director of the Privacy Rights Clearinghouse, an organization that tracks data breaches, as saying the data breach “brings into question the very security of the credit- and debit-card industry and whether or not it’s safe to use such payment cards.”
The article also touches on the disparity between what Brian Krebs initially reported about the data breach and what Global released in its statements. First it points out the long delay in when the breach occurred versus when the news broke: “The company insists it notified all parties and contacted law enforcement in early March when it discovered the break-in. ‘We did not delay,’ says company spokeswoman Amy Corn. Yet it took another three weeks for the news to reach the public, and it wasn’t the company but a security blogger named Brian Krebs who broke the news.”
And then it gets Krebs’ response to the disparity between the number of cards he reported were compromised and the number of cards Global said were compromised in their statements. Krebs told Newsweek: “The number of transactions or card numbers potentially exposed is probably far larger than the 1.5 million number they are citing.”
And finally Shelia Turner from backgroundcheck.org has been following our blogs and shared with us this wonderful infographic about The State of IT Security. Thanks Shelia!