03/30/2012 Global Payments Inc.
a Financial Services firm in Atlanta, Georgia
7,000,000 accounts compromised
Global Payments discovered a massive breach of their systems in early March 2012. Global Payments processes credit and debit cards for banks and merchants and a number of credit and debit cards issued to businesses were determined to be compromised. The breach was discovered when Global Payments’ security systems detected unusual activity.
UPDATE (04/02/2012): Global Payments created a breach information website for consumers. Global Payments claimed that only a few of their North American servers were affected by the breach. They also claimed that around 1.5 million users had Track 2 data (card expiration date and credit card number) exposed. Media reports that up to 10 million consumers had their names, addresses, and Social Security numbers credit exposed were denied by Global Payments. Visa has removed Global Payments from their list of compliant service providers as a result of the breach.
UPDATE (04/05/2012): The breach occurred sometime between January 21 and February 25 of 2012 (REVISED TO JUNE OF 2011). Fraudulent activity has already been detected on around 800 cards.
UPDATE (05/01/2012): It appears that a hacker or hackers were first able to access Global Payments Inc. in June of 2011. Global Payments revised their initial estimate and believe that card holders and banks were affected at least as far back as June 2011. This could mean that at least seven million card accounts are vulnerable; though Global Payments still believe that only 1.5 million were affected.
UPDATE (07/26/2012): In addition to being dropped from Visa and Mastercard’s lists of compliant companies, Global Payments spent nearly $85 million on security repairs and upgrades.
UPDATE (07/30/2012: Global Payments informed Comerica Bank in June that their ongoing investigation revealed a potential unauthorized access to its servers that contain merchant application data.
UPDATE (01/10/2013): Global Payments has incurred $94 million in fees associated with the breach. A total of $60 million was paid for professional fees and other costs associated with investigating the breach and remediation for its effects. The $60 million was also used to cover incentive payments to business partners and the cost of providing credit monitoring and identity protection insurance. An additional $35.9 million went towards estimated fraud losses, fines, and charges imposed on Global Payments by card networks. Global Payments received $2 million from insurance recoveries.Global Payments also reported that it has now paid all fines related to non-compliance and has updated its systems and processes in order to be returned to the payment card network list of PCI-DSS compliant service providers.
UPDATE (04/15/2013): An April 2012 class action lawsuit related to the breach was dismissed on March 6. Global Payments also confirmed that the expenses associated with the breach totaled $92.7 million. A total of $20 million in breach losses was recuperated through insurance recoveries. In April 2013, Global Payments closed its investigation of the breach.
