When news broke of a data breach within the network of the payment processor Global Payments, the company put a lot of effort into letting the public know that it had discovered the breach itself and that it was taking steps to make sure that the breach was contained. The company released a statement on April 1st to let the public know that non-sensitive credit card data had been accessed and that as many as 1.5 million cards may have been affected. While that was a massive number of potential victims, Global Payments made assurances that the problem was under control and that it would keep the public updated.
Over a month later, updates have finally come... but not from Global Payments. Brian Krebs, the blogger for the Wall Street Journal who first broke the news of the breach, has released additional information that he received from sources close to the investigation. According to Krebs, the number of affected cardholders isn't 1.5 million like Global Payments reported, but may instead be as high as 7 million. The stolen data apparently wasn't as non-sensitive as Global Payments first suggested either, as several cases of debit card fraud have now been linked to the data breach; not only did the breach apparently include card numbers, but it also included card security codes.
Once it was discovered that sensitive card data was involved and that a larger number of cards were accessed, Global Payments should have gone out of its way to make sure that individuals who were at risk were informed of the problem so that their cards could be canceled and reissued by their banks. Instead, Global Payments has remained largely silent on the matter except for the establishment of a page on their website that is nearly impossible to find if you don't know exactly where it is.
You would think that after some of the high-profile data breaches from last year, companies like Global Payments would have realized that it's in everybody's best interest to be upfront with the public about what's going on. It's never good news when there's a data breach or sensitive information has been compromised, but companies have a responsibility to do their best to let individuals who are at risk know about it. Despite all of their posturing about transparency and keeping the public updated, Global Payments has failed at this responsibility and there are potentially millions of people who may have paid the price for that failure.
With any luck, other companies will learn from Global Payments' mistakes and will strive to keep those at risk informed in the unfortunate event that data is stolen or intercepted from their networks. There is simply no excuse for keeping quiet when the public's personal and financial information has been accessed, especially when it's discovered that things are much worse than initially believed.