Intersections’ Consumer Security Adviser Neal O’Farrell writes about a massive data breach that has potentially affected millions of credit card holders.
In yet another sign that we're not making much headway against data breaches, a major payment processor reluctantly announced that it was the victim of a data breach that could affect millions of consumers. And when I say reluctant, it took a while for the real story to come out, and even now we may not know the whole truth.
It all started with a renowned security expert broke the news that he'd been sitting on a story for a number of weeks about a company called Global Payment Systems that was believed to have been the victim of a major data breach and that the number of exposed credit and debit cards could exceed 10 million.
Other experts, and even representatives from law enforcement, quickly came forward to claim that they had heard the same rumors, and even added to the mystery by suggesting that one possible source of the breach might have been parking garages in New York City and the perpetrators were Dominican street gangs. Others claimed that the number of exposed cards was closer to 50,000, and that they were commercial credit and debit cards, and not personal.
All very confusing, especially when the company involved was saying very little. Visa and MasterCard quickly stepped forward and said it had nothing to do with them. Finally, Global Payment Systems made a slightly cryptic statement that it had been a victim of a breach and that around 1.5 million cards had been exposed.
What intrigued observers even more was that instead of saying exposed, the company said the cards were "exported." Not the typical language used in a data breach announcement and one that only added to the intrigue.
The company admitted that it had discovered the breach three weeks earlier and hackers had accessed card numbers, expiration dates, service codes, PINs and CVV numbers. Names, addresses and Social Security numbers were not exposed.
It will probably take a while for the whole truth to come out, but in the meantime, be vigilant for any scams that try to take advantage of this. If you are a victim of this breach, you will likely be notified in writing by your credit card company and your card replaced.
Use this as a reminder to think about security. Check your bank and credit card statements for any unusual activity and report to your bank right away. If you haven't changed account passwords recently, do so now.
If you receive any emails claiming to be about the breach, be very wary. Chances are scammers will try to use the story to trick you into reveling information, clicking on a link, or opening an attachment. And even if they seem to know a lot about you, don't let your guard down. If you get such an email, or even a phone call, contact your bank or credit card company directly and check whether or not it really did come from them.
Has your company experienced a data breach? We can help. Call us at 1-888-283-1725, or visit us online, for information and security solutions.
Learn more about identity theft protection.