Visa, MasterCard Warn Banks of Data Breach, Stolen Cardholder Data

Cyber-criminals hacked into a credit card processing company and stole information from about 50,000 Visa and MasterCard cardholders, the two companies said March 30.

In separate statements, officials with Visa and MasterCard said they were aware of the data breach at the third-party processing company and reiterated that their own systems had not been compromised in the attack. The firms were notifying their bank partners that issue cards about the breach, enabling the banks to monitor the cards for fraud or issue new cards.

Neither company named the processing company whose systems allegedly were breached, but The Wall Street Journal, quoting unnamed sources, reported that the firm is Global Payments, an Atlanta-based company that processes payment cards such as credit cards, debit cards and gift cards.

According to a notice that Visa is sending to banks, the data breach occurred sometime between Jan. 21 and Feb. 25, according to The Journal.

In a statement, Visa officials said that cardholders were not responsible for fraudulent purchases.

€œAs always, Visa encourages cardholders to regularly monitor their accounts and to notify their issuing financial institution promptly of any unusual activity,€ the company said.

Visa said consumer security tips can be found at the VisaSecuritySense Website.

MasterCard officials said in a statement that the company is continuing to monitor the situation and €œtake steps to safeguard account information. If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution.€

The data breach was first reported March 30 on the KrebsOnSecurity blog. Blogger Brian Krebs said Visa and MasterCard began sending out notices of the breach to banks late last week, and that the €œalerts also said that full Track 1 and Track 2 data was taken€”meaning that the information could be used to counterfeit new cards.€

It€™s unclear the impact of the breach, though Gartner analyst Avivah Litan said in a blog post March 30 that there already has been a ripple effect.

€œI€™ve spoken with folks in the card business who are seeing signs of this breach mushroom,€ Litan wrote. €œLooks like the hackers have started using the stolen card data more recently. From what I hear, the breach involves a taxi and parking garage company in the New York City area, so if you€™ve paid a NYC cab in the last few months with your credit or debit card€”be sure to check your card statements for possible fraud.€

Krebs said that on March 28, officials at PSCU, a firm that offers online financial services to credit unions, said it notified 482 customers that apparently had cards affected by the breach. More than 56,000 Visa and MasterCard accounts from those credit unions were compromised, Krebs wrote, and fraudulent activity had been discovered on about 876 accounts that were €œgeographically dispersed.€