Payment processor Global Payments acknowledged Tuesday that a breach at the company announced in early March may have affected individual consumers, as well as merchants.
In an update to its 2012infosecurityupdate.com site, the Atlanta-based company wrote that an ongoing investigation “revealed potential unauthorized access to personal information collected from a subset of merchant applicants.” The company can’t confirm whether information on the applicants was copied. As a precaution, however, it is notifying any potentially-affected individuals and providing them with complimentary credit monitoring and identity protection.
The Atlanta-based company confirmed in late March that a portion of its system had been compromised earlier that month and in April announced that the breach yielded around 1.5 million users’ credit cards, including so-called “Track 2” data that can be used to clone credit cards.
It’s still unclear just how long the breach affected the payment processor. Initial alerts from Visa and MasterCard suggested the breach began around June 2011. However, subsequent notifications pushed the beginning of the breach much further back, to January 2011.
Global Payments stresses the latest announcement does not apply to the company’s cardholders, but to its U.S. merchant account applicants. Global Payments promised it would provide further information regarding the ongoing investigation and the company’s compliance with the Payment Card Industry (PCI) data security standard before its year-end earnings call on July 26.