Last week’s massive credit card data breach was a frustrating reminder that despite everything, all the fights over privacy rights and legislative shouting, if somebody wants to steal an extraordinarily large number of personal consumer information for nefarious purposes, they can probably do it.

As a refresher, on March 30, Global Payments, a third-party payment processor, reported that it had suffered a data breach. Someone gained unauthorized access to company information, a.k.a. private data of people with accounts with major credit card companies such as MasterCard, Visa, American Express, and Discover Financial Services.

So, exactly how many people’s information might have been compromised? Let’s just say it’s more than six figures…

The breach happened last week, but just yesterday the company released the number of people whose information was potentially compromised: 1.5 million. Dag, yo. That is a lot.

Here is what the AP said:

A company that processes credit card transactions said Monday that as many as 1.5 million card numbers were compromised in a data breach early last month.

The CEO of the company, Global Payments Inc., said the matter was “absolutely contained,” but Visa dropped the company from its list of approved third parties that process transactions between stores and banks.

The breach was revealed Friday when Visa and MasterCard said they had notified issuers of its credit cards. On Monday, American Express said it may have been affected, and Discover promised to reissue cards where appropriate.

Global Payments set up a website to help cardholders but did not provide the names of affected stores or banks. Its stock fell 4.5 percent on Monday. It fell 9 percent Friday before trading was stopped.

Here is specifically what the hackers took:

Global Payments CEO Paul Garcia said card numbers were compromised but cardholder names, addresses and Social Security numbers were not. He said the company was working with law enforcement.

Although that is not particularly comforting, I suppose it could be worse. They could’ve gotten all of that information.

These stories are always unsettling, because you would like to think that, in an age where in order to do pretty much anything, you have to give your personal financial information to large, that the people you’re giving your information to are secure. You have no choice but to trust them. It sort of makes one long for the pre-digital era.
When you read news like this, and you are forced to realize a lot of large (and small) companies are less on top of data security then you would hope.

Corporate Counsel magazine ran a story earlier today, which tries to figure out why so many companies still fall victim to this sort of breach.

It seems that, unfortunately, a lot of businesses — at the executive level — think they are immune to data breaches. And they apparently don’t realize the expensive legal liabilities that breaches can lead to:

A persistent problem, says Matthew Lane, chief technology officer for information security and privacy consultancy Janus Associates, is that many firms still think they won’t become targets.

“You have to think that you will be breached. It’s a real battle out there,” says Lane, who has consulted on two major credit card-related breaches. “Most companies that have the most trouble are confident that they won’t be breached.”

Major news networks often only cover massive data breaches like the Global Payments. Even those aren’t particularly infrequent. The AP rattled off a list of high-profile victims this within the last year: International Monetary Fund, National Public Radio, Google and Sony’s PlayStation Network. And smaller, less widely reported ones happen even more frequently.

Corporate Counsel also mentions that just last week, the California Department of Child Support Services simply lost track of four of its data storage devices. Nice.

In any case:

This is the way the world ends
This is the way the world ends
This the where the world ends
Not with a bang but identity theft and spear phishing scams.

Why Aren’t Companies Better Prepared for Data Breaches? [Corporate Counsel]
Data breach put 1.5M numbers at risk [Associated Press]


comments sponsored by

11 comments (hidden for your protection) Show all comments