The news from the hacked third-party payment processor for MasterCard and Visa got worse over the weekend, as early reported estimates of around 50,000 card numbers put at risk turned out to be wrong by 1.45 million.
In a statement to Consumerist, a rep for Global Payments writes:
The company believes that the affected portion of its processing system is confined to North America and less than 1,500,000 card numbers may have been exported. The investigation to date has revealed that Track 2 card data may have been stolen, but that cardholder names, addresses and social security numbers were not obtained by the criminals. Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained.
The company continues to work with industry third parties, regulators and law enforcement to assist in the efforts to minimize potential cardholder impact. It has engaged multiple information security and forensics firms to investigate and address this issue.
While the company’s CEO says “We are open for business and continue to process transactions for all of the card brands,” the Wall Street Journal reported last night that Visa had removed Global Payments from its list of “compliant service providers.”