The American-based company, which processed payments for Visa, Mastercard and American Express, has confirmed the breach but assured users that the problem has been contained. Visa has since removed the company from its list of approved vendors, something that can only be done once the offending company revisits its PCI DSS accreditation.
The stolen data included card numbers, expiry dates and the information stored within the magnetic strip which would enable the cybercrims to clone the cards. Customer address and account information was not compromised.
Although Global Payments processes payments from all over the world, the stolen details affect American customers only.
The hack does raise concerns of further security threats for the targeted customers as the information taken is ideal to launch spear-phishing attacks. Attacks of this kind involve sending a highly-targeted email tricking the recipient into believing the message was sent from the bank. The email will then encourage the recipient to send more information – handing the hackers their personal information.
It is as yet unknown how the hacker cracked into the database, but rumours circulating the web suggest it could have been through an unsecured administrative account, something that could have been easily avoided.
It is concerning that despite the increasing frequency of hack-attacks, even businesses that should be protected to moat-and-dragon levels like Global Payments, are not taking cyber security seriously enough.