Data breach affects 1.5 million

April 2, 2012 – A data breach at Global Payments Inc., a third-party processor serving Visa, MasterCard, American Express and Discover, involved the theft of account numbers and other information from as many as 1.5 million accounts in North America, reports said.

Global released the estimated impact in a statement Sunday, two days after reports surfaced in wire news stories. In its statement, Global said the breach involved “Track 2” data, which doesn’t include cardholder names, addresses or Social Security numbers.

Reports estimated that the breach occurred in January and February.

“The company continues to work with industry third parties, regulators and law enforcement to assist in the efforts to minimize potential cardholder impact,” the firm said in its statement.

A Wall Street Journal article reported Sunday that Visa had removed the firm from its list of “compliant” processors and asked that it provide new information showing it is up to standard before it is put back on it. The New York Times followed later with details from the Global statement.

Early reports Friday said MasterCard and Visa reported having notified financial institutions about the breach. Discover was monitoring accounts for suspicious activity and would reissue cards as appropriate, the reports said.

Lawmakers are looking at issues surrounding data security, including data protection standards and practices following a data breach. NAFCU continues to seek enactment of comprehensive data security legislation that would ensure nondepository firms are held to data protection rules and standards and are required to disclose breaches when they occur.