Credit card data breach contained, says Global Payments

Selection of credit cards
Image caption The breach exposed credit card details but not names or addresses

A data breach that may have exposed as many as 1.5 million credit card accounts has been "absolutely contained", according to the firm behind the leak.

Global Payments processes payments for firms such as Visa, Mastercard and American Express.

It admitted that thieves had accessed card account numbers, expiration data and security codes.

This prompted Visa to drop the US firm from its list of approved vendors.

The firm's share price also fell.

The breach was first revealed on Friday when Visa and Mastercard notified issuers of its credit cards of the breach. On Monday, American Express said it was still determining the extent to which its card member data may have been affected, and Discover Financial Services said it would reissue cards as appropriate.

Website help

Over the weekend, Global Payments said the thieves had exported the stolen information but stressed that they did not have customer names, addresses or Social Security numbers.

The company said it would work with regulators, industry third parties and law enforcement agencies to help minimise any impact to credit cardholders.

It has set up awebsiteto help cardholders although it has not provided the names of stores or banks that were affected by the breach. The company's share price fell more than 3% on Monday, following a 9% drop on Friday.

Besides processing cards in the US, Global Payments provides its services to government agencies, businesses and others in Canada, Europe and the Asia-Pacific region.

Global Payments Chief Executive Paul Garcia has pledged to spend more on security.

However,he told the Wall Street Journalthat he was not surprised that Visa had struck his firm off its list of approved payment processors.

"It wouldn't be unexpected for Mastercard to take similar action," he added.

Spear phishing

Security firms warned that hackers could use the information they took to mine more personal data.

This is used in so-called spear phishing attacks, in which highly targeted fake emails are sent to people mimicking a message from their real bank and asking them to hand over personal information.

A number of security breaches have taken place in the last couple of years.

Last June, hackers stole information for 360,000 credit card accounts at Citigroup. In the past year, there have been high-profile data attacks against the International Monetary Fund, Google and Sony's PlayStation Network.

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites