MasterCard and Visa have warned banks that a third party processor has experienced a data breach. In statement, both card associations acknowledged the breach and MasterCard said that law enforcement is involved and “is currently the subject of an ongoing forensic review by an independent data security organization.”
Just how big the breach was is still unknown. Brian Krebs, who first reported the story on his blog Krebs on Security, says his sources in the financial sector call the breach “massive.”
Keep in mind, Krebs is citing anonymous sources. Krebs adds:
“The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012 and Feb. 25, 2012. The alerts also said that full Track 1 and Track 2 data was taken – meaning that the information could be used to counterfeit new cards.”
MSNBC spoke to a security expert at Gartner, who said the stolen data has already been used by thieves.
“I’ve spoken with folks in the card business who are seeing signs of this breach mushroom. Looks like the hackers have started using the stolen card data more recently,” Avivah Litan told MSNBC.
Update at 1:20 p.m. ET. 50,000 Cardholders:
The Wall Street Journal reports it was Global Payments Inc. that was compromised. Quoting “people with knowledge of the situation,” the paper reports 50,000 cardholders could be at risk.
“Global Payments is a large so-called third-party processors of payment cards, including debit cards, credit cards, and gift cards,” the paper reports.
Neither MasterCard nor Visa would give the Journal any indication of how many people were affected.