According to a conference call early on Monday, Paul Garcia, Global Payments CEO and chairman, reported that early forensics reports from his company show the breach affected Track 2 data from approximately 1.5 million cardholders. He also claims only a small number of Global Payments servers were affected by the breach.
Beyond these few explanations, though, the details from the call were incredibly light and Global Payments did not field media questions following the call.
"He said none of their merchant systems were compromised. Well, then what was compromised?" asked Avivah Litan, VP and distinguished analyst for Gartner Research, venting her frustrations about the lack of details from Garcia. "Why do you tell us what didn't happen? Tell us what did happen."
According to Litan, her confidential sources tell her "a Central American gang broke into the company's system by answering the application's knowledge-based authentication questions correctly." At the same time, other sources told her that over the past few days that a yet-to-be-disclosed breach at a big New York-area taxi cab company could have had connections to the Global Payments breach. She also pointed to reports from Brian Krebs of KrebsOnSecurity.com, who first broke the story and who today mentioned that the company that hosts Global Payments website recently switched to Amazon EC2 and also that he'd been contacted by a hacker who claimed Global Payments end-to-end encryption was circumvented by an inside source.
As businesses rely increasingly on tablets for the productivity benefits they provide, IT must address the security challenges the devices present. Find out more in our Security Pro's Guide To Tablet PCs report. (Free registration required.)