This is an updated version of an article posted earlier on March 30.

A data breach at a card processor may have affected more than 10 million Visa and MasterCard accounts, security expert Brian Krebs reported March 30 on his blog.

MasterCard Worldwide and Visa inc. confirmed the incident in separate emails.

Global Payments Inc. is the affected processor, according to a Wall Street Journal article that cited "people with knowledge of the situation" (see Journal story). The Atlanta-based processor later confirmed its ties to the data breach (see story).

Trading in Global Payment stock was halted on the Nasdaq exchange today when share prices fell 9% to $47.50 per share in midday trading.

"MasterCard is currently investigating a potential account data compromise event of a U.S.-based entity and, as a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk," Jim Issokson, a representative for MasterCard, said in an emailed statement.

"Law enforcement has been notified of this matter, and the incident is currently the subject of an ongoing forensic review by an independent data-security organization. It is important to note that MasterCard's own systems have not been compromised in any manner," Issokson said.

Visa said it is "aware of a potential data-compromise incident at a third-party entity affecting card-account information from all major card brands," according to an emailed statement. "There has been no breach of Visa systems, including its core processing network VisaNet."

The compromise occurred between Jan. 21 and Feb. 25, according to Krebs' report. Though the card networks did not name the breached entity, Krebs said he learned from sources at two major financial institutions that many of the affected cards were used at parking garages in the New York area.

"I've spoken with folks in the card business who are seeing signs of this breach mushroom," Avivah Litan, a vice president and distinguished analyst at the Stamford, Conn.-based market research company Gartner Inc., said in a blog post. "Looks like the hackers have started using the stolen card data more recently."

What do you think about this? Send us your feedback. Click Here.

Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry