Keep a close watch on your credit card statements if you hold Visa or Mastercard plastic – MSNBC is reporting that law enforcement officials are investigating what appears to be a massive theft of U.S. consumers’ credit card data.
MasterCard and Visa confirmed the theft Friday while the computer security expert who first reported the theft said it might involve as many as 10 million accounts, making it one of the largest known credit card heists.
“MasterCard is currently investigating a potential account data compromise event of a U.S.-based entity and, as a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk,” that association said in a statement. “Law enforcement has been notified of this matter and the incident is currently the subject of an ongoing forensic review by an independent data security organization.”
Payment processor Global Payments said late Friday it was the target of the hack. In a statement, the firm said it “identified and self-reported unauthorized access into a portion of its processing system.” Earlier Friday, trading in Global Payments stock had been halted.
“In early March 2012, the company determined card data may have been accessed,” the firm said. “It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potential cardholder impact. The company is continuing its investigation into this matter.”
MSNBC reports that the theft was first reported by computer security journalist Brian Krebs on his blog, KrebsonSecurity.com. He reported that hackers had access to the then-unknown processor’s data from Jan. 21 through Feb. 25, and were able to siphon off enough data to easily create counterfeit cards. His sources called the leak “massive.”
Visa, in a statement, also acknowledged the data theft but said its own systems were not hacked.
“Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands,” the firm said. “Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards.”
Gartner security expert Avivah Litan told MSNBC that her sources have informed her that the stolen data is already being used on the street by identity thieves.
“I’ve spoken with folks in the card business who are seeing signs of this breach mushroom. Looks like the hackers have started using the stolen card data more recently,” she said. She’s been told that investigators believe the data theft originated in New York City.