The personal information of certain merchants may have been exposed in addition to the consumer data breach Global Payments (GPN) reported in March, the processor said June 12.
The affected individuals were among a subset of the small merchants that applied to be clients of Global Payments. The exposed information includes the sort of personal information the Atlanta processor uses as part of its underwriting process.
The company stressed that it does not have evidence that any fraudsters obtained or misused the merchant applicants' information — but the servers that contained that information were possibly accessed by an unauthorized party.
Global Payments earlier confirmed that some card data belonging to up to 1.5 million consumers was exposed in a data breach. During its investigation, the company also learned that some merchant data was exposed.
"What we initially announced did in fact impact less than 1.5 million cards … this is something very different," Paul Garcia, Global Payments' chairman and CEO, said in a conference call.
Global Payments is in the process of notifying the affected merchant applicants. It is offering them credit monitoring and $1 million worth of identity-theft insurance. It is also notifying the credit-reporting agencies.
The originally reported consumer breach has not grown bigger than earlier reported, Garcia said. However, Global Payments provided its partners with information on more than 1.5 million card accounts "to cast a wide net to protect cardholders," Garcia said.
The card networks have not yet declared Global Payments to be compliant again with the Payment Card Industry Data Security Standard, Garcia said.
Global Payments expects the costs associated with its data breaches to be "manageable," and plans to provide an update to investors during its July 26 earnings conference call.