Global Payments breach raises questions

Company's description of breach leaves some gaps

1 2 Page 2
Page 2 of 2

Meanwhile, in a blog post Monday, Krebs added that he has information suggesting that Global Payments may have been breached for much longer than the company has let on. According to Krebs, documents obtained from a hacker suggest that criminals may have had control of the company's network for the past 13 months before they were discovered earlier this year. Krebs claimed that document, which he is attempting to authenticate with Global Payments, appears to contain sensitive information about the payment processor's internal databases.

Amy Corn, a Global Payments spokeswoman, would neither confirm nor deny whether Track 1 data had been compromised in the breach. "What I can tell you is that the investigation to date has shown that card holder names, addresses and Social Security numbers" were not exposed, she said, reiterating earlier comments by the company.

According to Litan, some in the payment industry believe that the breach will "mushroom." Global Payments has said that no merchant system was involved, but Litan said her sources have indicated that the breach may involve a taxi and parking garage company in the New York metropolitan area, although that is still unconfirmed. She noted that Global Payments is not obligated to report the breach publicly if card holders' names and other pieces of personally identifying information were not exposed.

In a blog post on the Gartner website, Litan said she has information suggesting that the crime was perpetrated by a Central American criminal gang that broke into the company's systems by answering knowledge-based authentication questions correctly. "Looks like the hackers took over an administrative account that was not protected sufficiently," Litan said.

Corn said she couldn't confirm or deny Litan's claim that a New York cab company might have been involved in the breach. She also offered no comment on Krebs' latest post suggesting the company's networks may have been under criminal control for more than a year.

Adam Bosnian, executive vice president of security vendor Cyber-Ark, said that if Litan's information about how the breach occurred is correct, it would fit into a developing pattern.

"Targeting privileged accounts as a gateway to an organization's high-value targets is becoming a startling trend," Bosnian said. "If you examine the rash of recent breaches, they follow a distinct pattern: Hackers gain access to an administrative account through often-simple means, like an easy-to-crack password, spear-phishing or exploitable zero-day vulnerability," and then escalate their privileges on the compromised computer.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is jvijayan@computerworld.com.

See more by Jaikumar Vijayan on Computerworld.com.

Copyright © 2012 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon