Global Payments breach went on for at least 8 months – revised estimate
Brian Krebs has an update on the Global Payments breach:
A hacker break-in at credit and debit card processor Global Payments Inc. dates back to at least early June 2011, Visa and MasterCard warned in updated alerts sent to card-issuing banks in the past week. The disclosures offer the first additional details about the length of the breach since Global Payments acknowledged the incident on March 30, 2012.[…]
Initially, MasterCard and Visa warned that hackers may have had access to card numbers handled by the processor between Jan. 21, 2012 and Feb. 25, 2012. Subsequent alerts sent to banks have pushed that exposure window back to January, December, and then August. In an alert sent in the last few days, the card associations warned issuers of even more compromised cards, saying the breach extended back at least eight months, to June 2011.
Read more on Krebs on Security.
So far, there’s no revised/updated information on Global Payment’s site, but they will undoubtedly respond to Brian’s latest exposure of these details. And once again, they will be behind the story instead of ahead of it, it seems.
Update: Global Payment did update their site last night, but don’t expect to find any real numbers or details in the update. The firm acknowledged that “some card brands” removed them from the PCI Compliant list and continues to believe that less than 1.5 million card numbers were exported. Everything, though, is still under investigation.