Dark Reading is part of the Informa Tech Division of Informa PLC


Global Payments Breach: Fresh Questions On Timing

Did the Global Payments data breach that exposed at least 1.5 million credit and debit card numbers date back to 2011? As new evidence is reported, Global Payments declines comment on timeframe.

How long did the Global Payments breach that exposed at least 1.5 million credit and debit card numbers last?

The answer to that question continues to change. Initially, Visa and MasterCard warned card-issuing banks, in separate alerts released in March, that there had been a series of breaches at an unnamed payment card processor, beginning in mid-January 2012 and lasting for about a month. Thieves obtained credit card account numbers and expiration dates, which could be used to create counterfeit cards.

But earlier this week, Visa and MasterCard warned banks that the breaches, which were first detected in early March, dated back to at least early June 2011, Brian Krebs reported. He said law enforcement sources suspected "Dominican street gangs in and around New York City" of being involved in the attacks.

Despite varying reports regarding the duration of the breach, Global Payments--named as the affected payment card processor in late March--released a statement this week saying that it's not responsible for the changing perceptions. "We have not publicly communicated any time periods and there is a full investigation underway. It would be premature and inappropriate for us to speak to or confirm any timeframes until the investigation is complete," read a statement posted to a website created by Global Payments.


"The company sincerely apologizes for any concern this has caused, and please know that we continue to work with industry third parties, regulators and law enforcement to assist in all efforts to minimize cardholder and customer impact," it said. (In an ironic twist, the site disables the browser's ability to select or copy any text on the page.)

Global Payments this week confirmed that fraud alerts for up to 1.5 million card numbers had been issued by the affected card brands, which are all in North America. "In any matter of this nature, the card brands cast a wide net to protect consumers, and we supply as much information as possible to assist over the course of the investigation," said Global Payments. But it warned that the count of card numbers "taken or stolen from our network" may continue to increase as the related investigation progresses.

Global Payments, which was PCI-compliant before the breach, confirmed on March 30, 2012, that it had discovered the breach and "self-reported this incident" in early March, meaning it notified the card brands--American Express, MasterCard, and Visa--for which it processes transactions.

Shortly thereafter, Visa removed the company from its list of PCI-compliant service providers and canceled its security seal of approval, although that doesn't preclude Global Payments from processing transactions for Visa card brands.

MasterCard, meanwhile, said last month that it was awaiting the results of an investigation into the breach before deciding what next steps to take. But Wednesday, MasterCard said that it too had removed Global Processing from its list of approved vendors.

Global Payments confirmed the changes in the statement it released this week. "Some card brands removed us from their list of PCI compliant service providers. They have requested we revalidate our PCI status, which we will do following the current investigation. We anticipate that we will be reinstated to those lists at the conclusion of the revalidation and any required remediation," it said.

Besides PCI problems, Global Payments may also face a shareholder lawsuit. On March 30, law firm Robbins Umeda, which specializes in securities litigation, released a statement saying that it was "investigating possible breaches of fiduciary duty and other violations of the law by certain officers and directors at Global Payments."

The firm said it wanted to discover "whether officers and directors of Global Payments, a credit card transaction processing company, breached their fiduciary duties to shareholders by failing to maintain adequate data security systems and by making improper statements about the company's business and security infrastructure."

Global Payments processed $120 billion in MasterCard and Visa transactions for merchants in 2011. It's the seventh-largest such merchant processor, according to the Nilson Report. But the company has seen its stock price plunge by 11% in the last three months.

