Global Payments Inc., an Atlanta-based credit card processing company, said today that less than 1.5 million credit card numbers may have been compromised in a widely reported data breach.
On Friday, media reports circulated that MasterCard and Visa had notified U.S. banks of a potential security breach. Initially, the blog Krebs on Security reported that the card schemes told banks across the U.S. about a "massive" breach that may affect more than 10 million cardholders.
However on Monday Global Payments said the "unauthorized access to its processing system," which occurred in early March, affected no more than 1.5 million card accounts. The company said it believes that the affected portion of its processing system is confined to North America and that only Track 2 card data -- which includes account numbers -- was compromised, but that cardholder names, addresses and social security numbers were not obtained by the fraudsters.
"We are making rapid progress toward bringing this issue to a close," said said Global Payments Chairman and CEO Paul Garcia in a press statement. "We are open for business and continue to process transactions for all of the card brands."
Visa reportedly removed the company from its list of approved service providers, telling it to revalidate as PCI DSS compliant.