CBS/AP/ April 2, 2012, 6:59 PM

Security breach put 1.5M numbers at risk

(CBS/AP) NEW YORK — A company that processes credit card transactions said Monday that as many as 1.5 million card numbers were compromised in a data-security breach early last month.

The CEO of the company, Global Payments Inc., said the matter was "absolutely contained," but Visa dropped the company from its list of approved third parties that process transactions between stores and banks.

Security breach: How to protect your credit
Credit card security breach: What do you do?
Card companies, U.S. banks hit by security breach

The breach was revealed Friday when Visa and MasterCard said they had notified issuers of its credit cards. On Monday, American Express said it may have been affected, and Discover promised to reissue cards where appropriate.

Global Payments set up a website to help cardholders but did not provide the names of affected stores or banks. Its stock fell 4.5 percent on Monday. It fell 9 percent Friday before trading was stopped.

Global Payments CEO Paul Garcia said card numbers were compromised but cardholder names, addresses and Social Security numbers were not. He said the company was working with law enforcement.

Besides processing cards in the U.S., Global Payments provides its services to government agencies, businesses and others in Canada, Europe and the Asia-Pacific region.

Global Payments reported financial results Monday and said profits rose 20 percent to $58 million from December through February compared with the year before. It did not estimate what it would lose because of the breach.

The breach appeared to be one of the largest in the past several years. Last June, hackers stole information for 360,000 credit card accounts at Citigroup. In the past year, there have been attacks against the International Monetary Fund, National Public Radio, Google and Sony's PlayStation Network.

When hackers get consumer information, they can use it to mine data from the Web about those people. That makes it easier to send targeted emails that mimic messages from the bank - a process known as spear phishing - in hopes of getting customers to divulge more valuable information.

Data breaches and hacking affect as many as 8 million Americans each year, costing billions of dollars and countless hours to correct the problems it creates.

Yaron Samid, CEO of Bill Guard, a company that specializes in personal-finance security, said that hackers who have credit card data try to sell the information on the black market. He said hackers can use small transactions to confirm that a credit card is active before they charge larger amounts.

Forty-six states require businesses to notify customers of a data breach when personal information has been placed at risk. Consumers who received a breach notification last year were almost 10 times more likely to be fraud victims than those who did not, according to Javelin, a research company.

© 2012 CBS Interactive Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.

Popular on MoneyWatch

2 Comments Add a Comment
linkicon reporticon emailicon
venusvegasvada says:
So little information is put out about these incidents when they happen. I think the public deserves full disclosure in a timely manner. Not just for credit card accounts, but other breaches as well. I remember last year when some defense companies where breached, but the information was downplayed due to fear that it may negatively impact their stock prices. I disagree with putting shareholder value above letting the public know what is going on.
reply
hypnotoad72 replies:
linkicon reporticon emailicon
Agreed!

And maybe some of the shareholders might remember they are customers and/or employees, too...
Scroll Left Scroll Right