Global Payments, the company recently affected by a data breach that may have exposed as many as 1.5 million payment card owners, has released another statement.
While they're confident that their initial estimate on compromised card details is correct, their investigation has revealed the fact that the attackers may have accessed the personal information belonging to a number of consumers.
“Our ongoing investigation recently revealed potential unauthorized access to personal information collected from a subset of merchant applicants. It is unclear whether the intruders looked at or took any personal information from the company’s systems,” reads the statement
“However, the company will notify potentially-affected individuals in the coming days with helpful information and make available credit monitoring and identity protection insurance at no cost. The notifications are unrelated to cardholder data and pertain to individuals associated with a subset of the company’s US merchant applications.”
On the website dedicated to the incident, Global Payments also made a frequently asked questions (FAQ) section, but they don’t really provide many details.
They highlight the fact that the incident is believed to be contained, and that names, addresses and social security numbers have not been exposed. However, they fail to precisely reveal what type of information is in the record sets that may have been looked-at or stolen by the attackers.
Shortly after the initial data breach came to light, Visa rushed to announce that Global Payments was dropped from the PCI compliant list.
Now, the organization’s representatives state that they’re working on finishing the investigation.
“We have hired a Qualified Security Assessor to conduct an independent review of the PCI compliance of our systems. Once that review is complete and we conduct any required remediation, we anticipate returning to the list of PCI compliant service providers,” the FAQ section of the site concludes.