It’s amazing to learn that more than 10 million credit card accounts may have been compromised from a recent theft by a security breach at a U.S.-based processor earlier this year.
Visa and MasterCard are notifying card issuers across the country about the situation, Krebs on Security reported today, saying that enough data was taken in the “massive” breach that it could be used to create new, counterfeit cards. (Post continues below.)
Reuters reported that Discover is “monitoring accounts for suspicious activity” because of the breach.
The Wall Street Journal identified the credit card processor as Atlanta-based Global Payments, a company that processes credit and debit transactions for banks and merchants.
The Daily Mail reported that the card processor was compromised between Jan. 21 and Feb. 25, and the breach is being investigated by the U.S. Secret Service in addition to an independent data security organization.
Visa, MasterCard and Discover issued statements assuring customers that their own systems have not been compromised. They do not issue credit cards themselves, but instead process payments for banks, credit unions and other card issuers.
It is unclear exactly how many accounts may have been affected — the WSJ put the number at 50,000 — though Krebs offered one example:
On Wednesday, PSCU — a provider of online financial services to credit unions — said it alerted 482 credit unions that appear to have had cards impacted by the breach, and that a total of 56,455 member Visa and MasterCard accounts were compromised.
PSCU said fraudulent activity had been detected on a relatively small number of those cards — 876 accounts — and that the activity was geographically dispersed.
In an interview with Forbes, Brian Krebs, who runs Krebs on Security, said that although cardholders are not responsible for fraudulent purchases, “people should always keep an eye on their statements,” and should report suspicious transactions.
Some other tips, from Visa Security Sense: