Global Payments stressed that cardholders names, addresses, and social security numbers were not stolen in the breach, which was confined to North America.
“We are making rapid progress toward bringing this issue to a close”, said Paul Garcia, Global Payments’ chairman and chief executive officer.
The company said it has engaged with multiple information security and forensics firms to investigate and address the data breach, and believes the breach has been contained.
In response to the breach, Visa decided to drop Global Payments as a payment card processor, according to a report by the Associated Press. Being dropped by Visa “could give your partners some pause that they’re doing business with someone who experienced a breach”, Garcia told the news service.
McAfee’s Brian Contos warned that payment card processors are prime targets for criminals because they have large amounts of payment card data and often have poor security controls.
“To maximize return on investment, individual hackers and cybercrime organizations focus on environments that are ripe with valuable data and are lacking in security controls – many payment processors fit this model”, commented Contos, who is customer security strategist and senior director of vertical and emerging markets at McAfee.