It was ONLY 10 million cards…

In the last few days, news has been filtering out that Visa and MasterCard data was compromised by persons unknown. The card issuers have sent private alerts to banks indicating a data breach occurred between January 21, 2012 and February 25, 2012 and official announcements have since been made. After the news broke, payment processor Global Payments Inc. was identified as the compromised party, and we’re now learning that the data theft seems to be extensive.

According to the official alerts sent out by both Visa and MasterCard, so-called Track 1 and 2 data was included in the information stolen. That means the hackers have all the data they need to clone cards from scratch. The banks and credit unions believed to be affected are investigating the breach more thoroughly, and contacting businesses and individuals with potentially compromised accounts. Global Payments has admitted that it did not notice the breach until early March, and some cards have already been used in the wild.

Hard numbers are still difficult to come by, but PSCU, a financial services company dealing with credit unions, has said that 56,455 credit union accounts appear to be involved in the data theft. This might just be the tip of the iceberg, though. A Gartner analyst claims to have spoken with people with Visa and MasterCard who worry the breach could be extremely severe. Early estimates indicate that more than 10 million credit card numbers may have been compromised.

Global Payments is planning to hold a conference call on Monday morning to further explain what happened. We might get more technical details at that time, but things are certainly looking like a mess right now. Best to take a long hard look at that next billing statement.

via KrebsOnSecurity