Cyber security breach at Global Payments impacts 1.5m accountholders

First exposed by leading data security blog, KrebsonSecurity, this data breach at Atlanta-based Global Payments (a credit and debit card processor) is currently believed to be confined to North American accountholders.

According to KrebsonSecurity, it remains unclear, however, whether any additional accounts beyond the 1.5 million were exposed by the data breach as the statement from Global Payments focuses only on the number of cards it can presently confirm were offloaded from its systems.

In response to this latest cyber intrusion, Visa dropped the payment processor from its list of approved service providers, saying Global Payments will have to revalidate its compliance processes with the payment card industry's data security standard.

While analysts said MasterCard and Visa were unlikely to face direct costs from the breach, the reality is that MasterCard's shares fell 1.8% and Visa's 0.8% as news of the breach hit the wires. As can be expected, Global Payments' shares dipped dramatically, with the company's stock losing 9% of its value.

Both from a real cost (to shareholders) and reputational aspect, this cyber security breach has, and will continue to have, a negative impact on Global Payments' future standing in the industry.

Data theft of personal account details also affects customer perception of overall credit card security, which can have far-reaching implications in terms of buyer behaviour and brand loyalty.

This latest breach is just another in a long line of headline-grabbing incidents, across all major industries and countries.

The problem, of course, is that everybody is aware that their company's business-critical data is exposed to a variety of threats (including cyber security attacks), but everyone seems to be taking the “It will never happen to us” stance.

When a breach does, inevitably, occur, panic, finger-pointing and a war of words between business executives and IT dominate boardroom discussions.

With countries aligning their legislation surrounding data protection and demanding that company board members be held accountable for any breach or loss of critical information, the time for half-hearted action is a thing of the past.

“It's amazing how often we hear statements along the lines of 'the security of business-critical information is not a priority right now',” says Cibecs Marketing Manager, Brandon Faber.

“What can be more critical to the success of a business than the security of its information? Surely the ability to guarantee business continuity and ensure your company is protected from costly and/or embarrassing lapses in data security is critical to its future wellbeing?”

The solution is deploying measures and technology that safeguard confidential data and assist organisations to navigate the cyber security landscape - among other threats.

“No company can afford to ignore the consequences of a data breach, and the time for action is now,” says Faber. “As Larry Clinton (President and CEO of the Internet Security Alliance) states: 'Cyber security is not an IT issue, it's an enterprise-wide risk management issue that needs to be addressed in a much broader sense'.”

For more information, visit www.cibecs.com or contact (+27) 11 791 0073.