Global Payments Inc., one of the largest processors of credit card transactions, announced on Friday, March 30, that card data from an estimated 1.5 million accounts had been exposed. The breach occurred sometime between January 21 and February 25, and it was discovered by Global Payments in early March. The company said that accounts involved were limited to North America, and cardholder names, addresses, and Social Security numbers were not obtained. However, other information, including credit card numbers, was exported.
Global Payments processed $167.3 billion worth of transactions in the last fiscal year and specializes in serving small merchants, like mom-and-pop businesses and local retailers. The breach potentially affects cards from Visa, MasterCard, Discover, and American Express, although those companies stressed that their own networks have not been penetrated. Global Payments has alerted payment card issuers about accounts that could be affected. In data breach situations, credit card companies generally offer affected customers fraud monitoring services at no cost, and customers are not responsible for fraudulent charges.
Since debit cards have fewer protections that credit cards, they should be watched very closely, and unauthorized transactions should be reported within two days. Global Payments has set up a website at http://www.2012infosecurityupdate.com to provide consumers and businesses with additional information.
According to information on the website, consumers who believe their credit card information is at risk, should immediately contact their card issuing institution or bank. Once consumers report the loss or theft, they have no further responsibility for unauthorized charges. Under federal law, their maximum liability is $50 per card, but most credit card companies waive this liability.
Already, scammers have heard of the data breach and are trying to take advantage. The Identity Theft Resource Center has had several reports from consumers who have received letters in plain envelopes with no letterhead asking recipients to call a toll-free number to verify account information. The person answering will attempt to trick the caller into divulging account information.
For information you can trust on how to protect your data, see