A global electronic transaction processing firm has announced that a security breach that occurred earlier this year has now been contained.
Global Payments first announced the breach on May 30. Cybercrime website Krebs on Security originally reported that more than ten million accounts were potentially affected, and stocks in the company plunged 13.7 per cent as a result.
Since then, Global Payments has engaged multiple security and forensics experts to investigate the incident, and recently posted an update on the situation.
"Based on the investigation to date, we continue to believe that a limited portion of our North American card processing system was affected," reads the security alert.
"Actual card numbers that may have been exported did not exceed 1,500,000 and any potential card exportation was limited to Track 2 data."
Because only Track 2 data was compromised, no names, addresses or social security numbers were stolen and the incident is now contained.
While it is still unclear whether any personal information was viewed or extracted, Global Payments is promising to notify anyone potentially affected in the coming days, and has offered free credit monitoring and identity protection insurance to those at risk.
As part of the incident, several card brands have removed Global Payments from their list of PCI DSS compliant service providers.
More information on the investigation, as well as financial impact and PCI DSS compliance implications will be released by July 26, the company confirms.
“We sincerely apologise for this incident and are working diligently to conclude our investigation," said Paul Garcia, Global Payments chairman and chief executive.
"We are committed to fully resolve any issues arising from this matter and we, of course, continue to provide uninterrupted transaction processing for our customers worldwide.”
Global Payments is a Fortune 1000 company that processes transactions from Visa, MasterCard and American Express.