It is still not clear how many cardholders became victims of the breach, which affected MasterCard Inc, Visa Inc, American Express Co and Discover Financial Services, as well as banks and other franchises that issue cards bearing their logos, reports Reuters.
Besides, there are no indications that any customers have experienced fraudulent transactions on their accounts.
The leak was first reported by the news blog Krebs on Security, following reports that MasterCard and Visa were warning banks of a possible breach. U.S. law enforcement authorities announced it has hired an independent data-security organization to review the incident.
“MasterCard is currently investigating a potential account data compromise event of a U.S.-based entity,” MasterCard said in a statement.
“As a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk. It is important to note that MasterCard’s own systems have not been compromised in any manner.”
Visa also announced that a “data compromise” of an outside company, adding there was no breach of Visa’s own network. “Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands.”
“There has been no breach of Visa systems, including its core processing network VisaNet. Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards,” the company said in its statement.
This Global Payments leak is just one in a huge wave of incidents that have put the personal information of millions of credit and debit cardholders at risk.
Individual banks and processors hadn’t estimated the full extent of the breach, but Krebs on Security described it as a “massive” breach that may affect more than 10 million cardholders.
JPMorgan Chase & Co and American Express and Discover, which release their own cards, reported they are examining cardholders’ accounts and they are ready to issue new cards to anyone whose information may have been stolen.
Citigroup Inc said it has been notified by processors of the breach. Bank of America Corp declined to comment on the matter and Wells Fargo & Co said it was too early to comment on the impact.
The illegal use of the customers’ data could be stymied if an online merchant asks for the three or four digits printed on a card known as the “CVV code.”
“The systems can all be made tighter, but if they’re too tight no transactions would ever be approved,” said Edward Lawrence, a director at Auriemma Consulting Group. “You still have to allow commerce to occur.”
Rep. Mary Bono, a California Republican chairman at the House Subcommittee on Commerce, Manufacturing and Trade, condemned the Global Payments breach and urged Congress to adopt stronger data-security legislation this year.
“You shouldn’t have to cross your fingers and whisper a prayer when you type in a credit card number on your computer and hit ‘enter,'” Bono said.