Four giant card-payment processors and large US banks that issue debit and credit cards were hit by a data-security breach after third-party services provider Global Payments Inc discovered its systems were compromised by unauthorized access.
It was not immediately clear how many cardholders became victims of the breach, which affected MasterCard Inc, Visa Inc, American Express Co and Discover Financial Services, as well as banks and other franchises that issue cards bearing their logos.
However, Krebs on Security described it as a “massive” breach that might affect more than 10 million cardholders.
Global Payments said it determined that an unauthorized entity had accessed its systems and possible customer card data in early March.
Krebs on Security, a blog that first reported the incident on Friday, said accounts had been compromised for over a month, between Jan. 21 and Feb. 25.
Global Payments is holding an investor conference call tomorrow morning to discuss the issue.
US law enforcement authorities including the Secret Service are investigating and MasterCard said it has hired an independent data-security organization to review the incident.
Trade in shares of Atlanta-based Global Payments, which acts as a credit-checking middleman between merchants and card processors, was suspended on Friday afternoon after dropping more than 9 percent on the news.
MasterCard fell 1.8 percent to close at US$420.54, Visa dropped 0.8 percent to US$118, American Express fell 0.1 percent to US$57.86, while Discover rose 1.2 percent to US$33.34.
Analysts said any financial losses from the data breach would be shouldered by merchants, card issuers and Global Payments rather than Visa or Mastercard, which operate payment networks.
This Global Payments breach is just the latest in a long string of incidents that have put the personal information of millions of credit and debit cardholders at risk.