And we have another data breach folks. This time it’s Global Payments who exposed 50,000 credit and debit accounts (it’s now hit 1.5 million – see update below). Ok so you might be wondering who is Global Payments? Well they’re a really important third party liaison between merchants and banks. They process payments direct funds from buyers using credit, debit, and gift cards to sellers and financial institutions.
As you can see, a breach on this type of system could wreak havoc. The breach is estimated to have occurred between January 21 and February 25. Both Mastercard and Visa have begun notifying customers with affected account numbers. The full extent of the breach is still unknown, as is whether or not vulnerable customers are seeing bogus charges.
Reports have issued warnings about it being a potentially massive breach that may involve more than 10 million compromised cards. Both credit card companies are carefully analyzing the data to determine the source of the breach. Although rumor has it that it might involve a NYC cab and parking garage company.
So who are these cybercriminals anyway? They’re a Central American gang that took over an administrator account that wasn’t protected properly. So what’s the lesson here? Well it’s safe to say that cybercriminals are pretty darn savvy. They will be able to get by one layer of defense… maybe even two layers or three. Practicing good password management, patch management, and a solid defense system using a layered approach is the best to protect your organization against an attack.