Global Payments, a third-party processor of credit card payments for Visa, MasterCard and Discover, said late last night that the data breach made public last week may have risked about 1.5 million credit card numbers.
"The investigation to date has revealed that Track 2 card data may have been stolen, but that cardholder names, addresses and social security numbers were not obtained by the criminals," the company said in a press release. "Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained."
Track 2 data means that enough data was stolen that thieves could recreate a card's magnetic stripe. The thieves would be out of luck, however, if they tried to use the card and a merchant asked for the security code printed on the back of the card.
The Los Angeles Times reports that Global Payments says it has not seen any fraudulent activity on any of the stolen card numbers. The Times adds that Visa has removed Global Payments from "from a registry of partners who meet data security standards, though the company continues to process Visa transactions."
Last week, MasterCard posted tips for its customers. The most important, they say, is to monitor your accounts and if you notice something strange, call the card company immediately. MasterCard adds that in most countries their card holders will face no liability for "unauthorized transactions."
Update at 2:03 p.m. ET. Global Payments Should Be More Forthcoming:
Sen. Bob Casey, a Democrat from Pennsylvania, sent a letter to Global Payments asking the company to release more detailed information about the breach. Casey also complains that the company took too long to make the breach public, saying the company first learned of the intrusion in early March.
The breach was made public by a security blogger, who learned that Visa and MasterCard were warning banks of the breach.
"The company needs to take immediate steps to be more forthcoming with consumers and explain why it took so long to let Americans know that their personal financial information was compromised," Casey said in a statement.
Neither the credit card companies nor Global Payments seem to have notified cardholders about whether their accounts were compromised.