The debacle over U.S. Credit Card processing company Global Payments security breach and stolen credit numbers continued yesterday with a press release from the company answering questions.
Global Payments made news in late March when Krebs on Security reported as many as 10 million credit cards could have been stolen in a security breach occurring between January 21 and February 25 of this year.
Global Payments came out as the processing company whose security was breached in the theft, saying "only" around 1.5 million cards were compromised.
They say that data collected from the security breach could be used to counterfeit new cards, but emphasized that cardholder names, addresses, and social security numbers were not compromised.
Global Payments has since released fraud alerts to the people whose data they believe may have been stolen
Here is a excerpt from the statement released yesterday:
Why have card brands removed you from their list of PCI Compliant Service Providers?
Based on our announcement of unauthorized activity in a limited segment of our North American processing system, some card brands removed us from their list of PCI compliant service providers. They have requested we revalidate our PCI status, which we will do following the current investigation. We anticipate that we will be re-instated to those lists at the conclusion of the re-validation and any required remediation.
Can you continue to process transactions?
Yes. Global Payments will continue to process transactions for all card brands with the same high level of service our customers have come to expect.
Were fraud alerts issued on more cards than 1.5 million card numbers you reported?
Yes. In any matter of this nature, the card brands cast a wide net to protect consumers, and we supply as much information as possible to assist over the course of the investigation. We continue to believe that less than 1.5 million card numbers may have been exported.
Do you expect to release additional card numbers?
The company has delivered, and may continue to deliver, card numbers to the card brands and other third parties to help thwart criminals and combat fraud.
What does “exported” mean?
Taken or stolen from our network.
Could there be broader time periods in question?
We have not publicly communicated any time periods and there is a full investigation underway. It would be premature and inappropriate for us to speak to or confirm any timeframes until the investigation is complete. We identified and self-reported this incident in early March, and we will continue to provide information to the appropriate parties as revealed by the investigation.