A few months ago, a company that processes debit and credit card payments acknowledged that it had been hit with a massive data breach that exposed the account numbers for 1.5 million people.
But now, as part of its ongoing investigation into the causes and full effects of the breach, Global Payments also discovered that more than just account data may have been exposed, according to a report from the tech news site CNET. The company has not announced exactly what data might have been exposed, how many people may have been affected, or even if it was stolen, but acknowledged that the hackers had access to data for a subset of merchants.
“Based on the investigation to date, we continue to believe that a limited portion of our North American card processing system was affected, actual card numbers that may have been exported did not exceed 1,500,000 and any potential card exportation was limited to Track 2 data,” the company announced, according to the site.
Data defined as “Track 2″ is limited to account numbers and expiration dates, but not cardholder names, addresses or Social Security numbers, the report said. The company also noted that it will notify any consumers who may have been affected by the breach, and provide them with both free credit monitoring and identify protection insurance. However, it also added that these notifications would be unrelated to cardholder data.
These revelations follow Global Payments’ confirmation of the initial breach back in April, but the company still hasn’t revealed exactly when the hacking attack actually occurred, the report said. As a result of the breach, both Visa and MasterCard – the two larger payment processors that were affected by the incident – removed Global Payments from the list of companies that are compliant with Payment Card Industry security standards. In an effort to once again gain compliant status, Global hired a security assessor to conduct and independent review of its systems.
Hacking attacks are becoming a more common occurrence for many major companies, and both they and the consumers whose sensitive personal and financial data they protect are at considerable risk when these incidents occur. It may be a good idea for consumers whose accounts are exposed in such an attack to keep a close eye on their bank statements and credit card bills to see if they can spot any potential instances of fraud.
Image: mcclanahoochie, via Flickr