Initial reports of numbers of compromised records in data security breaches are often underestimated. Such appears to be the case in the Global Payments, Inc. incident that we wrote about last month. Initial reports stated that about 1.5 million credit and debit cards were compromised, but it is now believed that the number is closer to 7 million. New information also reveals that thieves could have had access to customer data since last spring. Global Payments was the nation’s seventh largest “merchant acquirer” last year, processing $120.6 billion MasterCard and Visa transactions.
Read more – Wall Street Journal (registration may be required)
Written by Adam Veness
Global Payments, Inc. (NYSE: GPN) (“Global”) has reported a significant data security breach for approximately 1.5 million credit card customers. According to a statement that Global released on Sunday, their investigation has revealed that “Track 2 card data may have been stolen, but that cardholders’ names, addresses and social security numbers were not obtained by criminals.” Using Track 2 data, a hacker can transfer a credit card’s account number and expiration date to a fraudulent card, and then use the fraudulent card for purchases.
As a result of the breach, Visa has removed Global from its list of companies that it considers to be “compliant services providers.” In an effort to calm consumers, Global issued a press release today assuring that “[b]ased on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained.”
The incident reinforces the importance of maintaining adequate data security. Companies must take ample precautions to secure their customers’ data, and if they fail to do so, they may be vulnerable to a serious security breach that could adversely affect their bottom line. As of the time of this post, Global’s stock price has fallen approximately 12% since the data breach news was announced. Even when following best practices in data security, companies still may face data security breaches. Despite these inevitable risks, companies should do everything reasonably required to protect against data breaches. If a company can show that it has taken the proper precautions, then this may mitigate or reduce potential liability in the event of a breach. After a breach, companies should ensure that they follow all of the strict legal requirements for notifying customers of the breach and remedying the effects of the breach. Doing so may greatly reduce a company’s exposure to customer lawsuits and government action against the company.
Contact a member of the Mintz Levin Privacy team for more information related to establishing adequate protocols to protect customer information from data security breaches, and for more information related to the legal requirements for when and how you must notify customers of a data security breach.
For further information:
Global Payments Press Release
Card Processor: Hackers Stole Account Numbers (Wall Street Journal)(registration may be required)
Visa Drops Payment Processing Firm Involved In Breach (Chicago Tribune)