NEW YORK (CNNMoney) — A data breach at a payments processing firm has potentially compromised credit and debit card information from all of the major card brands.
Global Payments (GPN), a company that processes card transactions, confirmed late Friday that “card data may have been accessed.” It says it discovered the intrusion in early March and “promptly” notified others in the industry.
Global Payments did not say how many accounts were affected, or what kind of information was compromised. A law enforcement investigation is ongoing.
A Wall Street Journal report from earlier Friday saying that Global Payments had been hacked sent the company’s shares down 9% before trading was halted. The stock did not resume trading before the market closed on Friday.
Global Payments did not say which card companies were affected, but Visa released a statement saying that it was all of the big players.
“Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands,” it said.
When a customer swipes a credit card, the data is sent to a payment processor like Global Payments, which then forwards the transaction information to card companies like Visa and MasterCard.
That’s a massive business: Global Payments processed $167.3 billion worth of transactions in its last fiscal year, which ended May 31, 2011. Global Payments specializing in serving small merchants, like mom-and-pop businesses and local retailers.
It emphasized that none of them were to blame for the data leak.
“It is crucial to understand that this incident does not involve our merchants or their relationships with their customers,” Global Payments said.
It plans to hold a conference call Monday morning to provide more details on the debacle.
‘Massive’ breach? News of the breach was first reported by the respected security blog Krebs on Security. The blog said the breach was “massive,” and could involve more than 10 million card numbers.