Global Payments (GPN) says as many as 1.5 million credit card numbers in North America may have been taken as part of a breach into the system it uses to process payments.
The Atlanta-based company said the breach, which it reported on Friday, was confined to North America. The credit card processor said it first noticed a possible breach three weeks ago.
Global Payments CEO Paul Garcia said he believes the incident is contained. The company is monitoring the issue using forensic analysis, network monitoring and additional security measures.
While some card data may have been stolen, cardholder names, addresses and social security numbers did not fall into the hands of criminals. Garcia said the company is not aware of any fraudulent transactions at this time.
Meanwhile, affected card operators Visa (V) and MasterCard (MA) on Friday said they had notified their cardholders of the potential for identify theft. Visa customers temporarily lost the ability to use their cards on Sunday, but the company said that was not related to the breach. It has removed Global Payments from its list of “approved” processors.
Global Payments, which also services government agencies and businesses in Europe and Asia, said it continues to work with industry third parties, regulators and law enforcement to minimize the potential impact on the affected cardholders. It has also engaged the help of multiple information security and forensics firms. A federal investigation is ongoing.
“We are open for business and continue to process transactions for all of the card brands,” Garcia said.
Hackers have succeeded in stealing thousands of card numbers over the last year, including 360,000 from Citigroup (C) last June. Sony’s (SNE) PlayStation Network was another high-profile breach that caused the company to shut its service for weeks.