A data breach at a card processor may have affected more than 10 million Visa and MasterCard accounts, security expert Brian Krebs reported Friday on his blog.
MasterCard (MA) and Visa (NYSE:V) confirmed the incident in emails to American Banker.
Global Payments (GPN) said Friday afternoon that it is the affected processor (it had been identified earlier in a Wall Street Journal article that cited "people with knowledge of the situation"). The Atlanta processor said in a press release that it discovered an unauthorized access of its processing system in early March.
"MasterCard is currently investigating a potential account data compromise event of a U.S.-based entity and, as a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk," Jim Issokson, a representative for MasterCard, said in an emailed statement.
"Law enforcement has been notified of this matter and the incident is currently the subject of an ongoing forensic review by an independent data security organization. It is important to note that MasterCard's own systems have not been compromised in any manner," Issokson said by email.
Visa said it is "aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands," according to an emailed statement. "There has been no breach of Visa systems, including its core processing network VisaNet."
The compromise occurred between Jan. 21 and Feb. 25, according to Krebs' report. Though the card networks did not name the breached entity, Krebs said he learned from sources at two major financial institutions that many of the affected cards were used at parking garages in the New York area.
"I've spoken with folks in the card business who are seeing signs of this breach mushroom," said Avivah Litan, a vice president and distinguished analyst at the Stamford, Conn., market research company Gartner Inc., in a blog post. "Looks like the hackers have started using the stolen card data more recently."