Security Market Segment LS
Wednesday, 04 April 2012 00:31

The ten million card hack - there were at least two hacks


At the end of yesterday's report, it was speculated that the Global Payments breach represented only part of the story.  This is becoming a strong probability.

In our reporting of the recent US-based credit card breach and later updates we downgraded the initial estimate of 10 million cards to a mere 1.5 million; however it now seems this second figure is very conservative.

The figure of 1.5 million is based on the number of cards that Global Payments is absolutely certain were 'stolen.'  It makes no allowance for additional data that was almost certainly stolen in addition to the 1.5 million; we should expect the total to creep closer to 10 million.

However, there have been a number of intriguing 'anomalies' in the saga that are only now being recognised.

In Brian Krebs' initial report, he spoke of a major breach being reported by Visa and MasterCard.  He also spoke of New York parking garages and Dominican gangs.  At no time did he mention Global Payments.

Furthermore, Gartner's Avivah Litan also spoke of gangs and taxis and parking companies in New York.

Next thing we know, Global Payments has outed themselves as being breached, with the clear implication that there was a 'hacker' breach into their secure systems.

This doesn't seem to fit with the whole New York thing.

Additionally, both Krebs and Litan tuned into yesterday's Global Payments conference call and both are of the opinion that the breach described by both Visa and MasterCard in their warnings early last week is NOT the one described by Global Payments - something this writer suggested over 24 hours ago.

In addition, Krebs' sources are suggesting this is not the first time Global payments was breached - they've been continuously 'open' between early 2011 and the closing of the gap in March this year.

With so many pending investigations involving law enforcement, Visa, MasterCard and so on, it is difficult to get the truth from anyone and so far this saga remains extensively untold.

One thing is certain though.  Global Payments is currently not PCI DSS compliant and yet they continue to process transactions.  How this is possible has yet to be determined.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.



Recent Comments