The Global Payments breach can have persisted for eight months.
As reported in April, Visa and Mastercard said they became familiar with a possible data compromise at a 3rd party affecting credit-card account information from all major card brands; the blame was eventually placed on Atlanta-based Global Payments.
According to security blogger Brian Krebs, who originally broke the tale, the impact was initially believed to have occurred between 21January and 25 February 2012, but subsequent alerts sent to banks have pushed that exposure window back to December, August or perhaps June 2011.
He said: “Security experts say it is not uncommon for the tally of compromised cards to extend as forensic investigators gain a far better grasp of the level of a safety breach. But to date, Global Payments has offered few information about the incident beyond repeating that fewer than 1.5 million card numbers can have been stolen from its systems.â€
Global Payments "sincerely apologised" for any concern that the incident has caused and said that it continues to work with industry third parties, regulators and law enforcement to aid in all efforts to minimise cardholder and customer impact.
It has also confirmed that "some card brands" have removed it from their lists of PCI-compliant processors after the information breach last month.
A statement on its website said: “Based on our announcement of unauthorised activity in a limited segment of our North American processing system, some card brands removed us from their list of PCI-compliant service providers.
“They have requested we revalidate our PCI status, which we are able to do following the present investigation. We anticipate that we'll be reinstated to these lists on the conclusion of the revalidation and any required remediation.â€
However, this doesn't stop Global Payments from processing transactions for the brands, and it said that it'll continue to process transactions for all card brands.
Nessun commento:
Posta un commento
Comments links could be nofollow free