[telecom] MasterCard, VISA Warn of Processor Breach

MasterCard, VISA Warn of Processor Breach

Brian Krebs March 30, 2012

VISA and MasterCard are alerting banks across the country about a recent major breach at a U.S.-based credit card processor. Sources in the financial sector are calling the breach "massive," and say it may involve more than 10 million compromised card numbers.

In separate non-public alerts sent late last week, VISA and MasterCard began warning banks about specific cards that may have been compromised. The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012 and Feb.

25, 2012. The alerts also said that full Track 1 and Track 2 data was taken - meaning that the information could be used to counterfeit new cards.

Neither VISA nor MasterCard have said which U.S.-based processor was the source of the breach. But affected banks are now starting to analyze transaction data on the compromised cards, in hopes of finding a common point of purchase. Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area.

...

formatting link

New credit card data breach revealed

by Avivah Litan March 30, 2012

Just when we thought the big credit card data breaches were over, at least for a while (with Alberto Gonzalez put away after his scams at TJX, Heartland Payments and others) - along comes a new one reported today in

formatting link
See KrebsOnSecurity.com

Visa and MasterCard have already issued warnings on this. I've spoken with folks in the card business who are seeing signs of this breach mushroom. Looks like the hackers have started using the stolen card data more recently. From what I hear, the breach involves a taxi and parking garage company in the New York City area so if you've paid a NYC cab in the last few months with your credit or debit card - be sure to check your card statements for possible fraud.

...

formatting link

Reply to
Monty Solomon
Loading thread data ...

formatting link
More detail provided by yahoo finance:

In particular, "Four giant card-payment processors and large U.S. banks that issue debit and credit cards were hit by a data-security breach after third-party services provider Global Payments Inc discovered its systems were compromised by unauthorized access."

Also: "Global Payments said it determined that an unauthorized entity had accessed its systems and possible customer card data in early March. Krebs on Security, a blog that first reported the incident on Friday, said accounts had been compromised for over a month, between January 21, 2012 and February 25, 2012."

(That "in early March" time point, I fear, refers not to when "an unauthorized entity had accessed its systems", as a quick read might suggest, but rather when Global Payments finally "determined that ... .")

(Sigh!) Cheers, -- tlvp

Reply to
tlvp

formatting link
Further details try to suggest it 'ain't as bad as it might have been':

But calling the breach "contained"? 'Zat "damage control"? or "whitewash"?

Cheers, -- tlvp

Reply to
tlvp

Here's Sophos Security's take on this Global Payments breach:

Not much different from earlier reports (indeed, not much later, either).

Cheers, -- tlvp

Reply to
tlvp

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.