With more sensitive company information now stored in the cloud, on mobile devices and in virtual machines, it has become essential for all organizations to secure the data itself, not just the perimeter. Recently, several major enterprises have experienced significant data breaches, resulting in costly fines, unhappy customers, reputation damage, identity theft, intellectual property loss and more.
Global Payments, a provider of electronic transaction processing services for merchants, financial companies, government agencies and other organizations, announced on March 30 that it had recently detected unauthorized access to a section of its processing system, possibly exposing customers' card information. Three days later, the firm's chief executive officer, Paul Garcia, said in a conference call with stock analysts that the extent of the breach was still unknown, but as many as 1.5 million credit card numbers from North American customers were potentially compromised.
"We have a high degree of confidence in that number," Garcia said, adding that the breach is "absolutely contained" and the hackers failed to extract cardholder names, addresses and Social Security numbers, limiting their ability to commit identity theft.
Global Payments is still investigating the incident along with multiple data security and forensics firms and about 1,000 of its 4,000 employees. The company said consumers should review their credit card statements for fraudulent activity, although it is unaware of any such transactions. Additionally, the payment firm has launched 2012infosecurityupdate.com, a website designed to help cardholders and merchants deal with the breach's impact.
"This incident will not adversely affect merchants or their relationship with their customers," the website's general information section says. "We also know you may have questions regarding the incident."
Although the total damage of the breach has yet to be determined, and the credit card numbers may never be used for fraudulent activity, the incident highlights the trend of more enterprises failing to secure private customer information. A Dark Reading report examined the breach and determined that several authentication lessons can be learned from Global Payments' practices. According to the source, the company's systems most likely included weaknesses in knowledge-based authentication and magnetic stripe security.
Regardless of how the hackers broke into Global Payments' systems, it's more important than ever for enterprises to improve security and implement best practices in data protection. Experts say all organizations should consider encrypting private data and intellectual property everywhere it resides, from endpoints to on-premises, offsite and cloud servers. Many businesses have improved security and achieved regulatory compliance by using advanced data loss prevention solutions that monitor networks and systems in real time and quickly detect threats.