Alerts issued by Visa and Mastercard earlier this week suggest that a breach at payment processor Global Payments dates to January 2011, a full year earlier than the company initially announced.
In alerts obtained by Bankinfosecurity.com, the two card companies claim the start of the security breach was January 30, 2011, not June, 2011.
The exact timeline of the breach has been a source of contention for a few weeks. Global Payments initially claimed the incident occurred between January and late February 2012 but subsequent alerts from Visa and Mastercard, obtained by Krebsonsecurity.com, implied the time frame stretched back to June of last year.
Global Payments, citing an ongoing investigation, still has not officially commented on the timing of the breach.
“It would be premature and inappropriate for us to confirm any timeframes (sp) until the investigation is complete,” reads a FAQ on 2012infosecurityupdate.com, a site launched in early May that the company continues to refer concerned parties to.
News of the breach broke in early March after 1.5 million credit card numbers, including track 2 data were stolen from the Atlanta-based company, though the number of cards stolen, much like the breach’s timeline, seems to be a matter of debate. Preliminary reports estimated more than 10 million credit card numbers were compromised – much higher than the number acknowledged by Global Payments. A subsequent Wall Street Journal report in May put the number closer to seven million cards.