Global Breach: Did It Start in 2011?

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.bankinfosecurity.com/global-breach-did-start-in-2011-a-4732

By Tracy Kitten
Bank Info Security
May 2, 2012

Evidence is mounting that Global Payments Inc. may have been breached 
months earlier than initially reported.

One affected card issuer told BankInfoSecurity that Visa issued an updated 
alert about the breach on April 26, noting that the window for compromise 
could date back to June 7, 2011. Another card issuer says the window of 
compromise, as provided by Visa, dates back to June 11. Both issuers asked 
to remain anonymous.

Previously, Visa's alerts indicated the breach occurred sometime between 
Jan. 21, 2012, and Feb. 25, 2012. But Global says it notified the affected 
card brands of the breach in early March, as soon as internal systems 
detected a compromise.

"The additional alerts did increase our initial compromised total by about 
50 percent," one card issuer says.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.