- Breach blamed on third-party processor
- Shares of company halted after dropping 9.1 per cent
- Security experts believe data is already being used
- Customers told to check their online statements
- Dominican street gangs thought to be responsible
Rachel Quigley
The Daily Mail [UK]
30 March 2012
Officials are investigating what they believe is one of the largest known credit card heists in the U.S. after Mastercard and Visa confirm the data of as many as ten million customers has been stolen.
The companies notified U.S. banks of a potential security breach, the latest in a string of incidents that have put the personal information of millions of credit card holders at risk.
The companies, which are the two largest global credit card processors, said the issue stemmed from a third-party vendor, reportedly Global Payments, and not their own internal systems.
Atlanta-based company Global Payments are being named as the third party processor where the breach occurred…
…The breach likely occurred at a central aggregation point where card information is calculated, said Avivah Litan, security analyst at Gartner Research.
‘Those transactions are aggregated’ and sent to a server, Litan said. ‘It has a lot of hops along the way’ before the card information reaches a processor.
She believes the data is already being used on the street by identity thieves.
She wrote on her blog: ‘I’ve spoken with folks in the card business who are seeing signs of this breach mushroom. Looks like the hackers have started using the stolen card data more recently.
‘From what I hear, the breach involves a taxi and parking garage company in the New York City area, so if you’ve paid a NYC cab in the last few months with your credit or debit card — be sure to check your card statements for possible fraud.’
She also said that unverified reports point to a ‘Central American gang that broke into the company’s system by answering the application’s knowledge-based authentication questions correctly.
‘Looks like the hackers took over an administrative account that was not protected sufficiently.’…
Read the complete article at The Daily Mail.
