Investigation ongoing, some 10 million accounts could be compromised
Lots of fuss arose when MSNBC reported of an investigation into what appears to be a big theft of Visa and MasterCard credit card data in the US – an issue later on confirmed by both MasterCard and Visa.
It appears that the theft was first reported by computer security journalist Brian Krebs on his blog, where he reported that hackers had access to the then-unknown processor's data from Jan. 21 through Feb. 25, during which period they were able to obtain enough data to easily create counterfeit cards.
It has been assessed by a computer security expert that the theft might involve as many as 10 million accounts – one of the largest numbers ever. Gartner security expert Avivah Litan also stated that her sources claim the stolen data is already being used on the street by identity thieves and that investigators believe the data theft originated in New York City.
One of the targeted associations, MasterCard, issued a statement regarding the case, saying: "MasterCard is currently investigating a potential account data compromise event of a U.S.-based entity and, as a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk. Law enforcement has been notified of this matter and the incident is currently the subject of an ongoing forensic review by an independent data security organization."
Another statement arrived from another target, a payment processor Global Payments, which said it "identified and self-reported unauthorized access into a portion of its processing system.
"In early March 2012, the company determined card data may have been accessed. It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potential cardholder impact. The company is continuing its investigation into this matter."
As for the statement from Visa, the association said its own systems were not hacked: “Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards."