Visa, MasterCard affected by ‘massive’ data breach; NYC gangs being blamed?

650-credit-card-fragmentsAtlanta, Georgia-based credit card processor Global Payments Inc. has revealed that is has suffered a “massive” security breach, affecting US banks as well as the likes of Visa and MasterCard. The breach may involve more than 10 million credit card numbers.

Late last week, Visa and MasterCard began alerting banks that certain credit cards had been compromised, though the compromised credit card processor hadn’t been named yet. Enough data had been taken to counterfeit new credit cards. Though its not exactly clear how many accounts have been compromised, at least 482 credit unions have been alerted and early on there was a total of 56,455 VISA and MasterCard accounts compromised.

The credit card data had been compromised in the time between January 21 and February 25 of 2012. Much of the fraudulent activity seems to come from credit and debit cards issued to businesses. Analysis of the transactions seem to point to New York City parking garages. The Krebs on Security blog, which broke the story, reported that the breach could be connected to Dominican street gangs based in and around New York City.

Visa released a statement that the Visa systems, including VisaNet has not been breached. The company made it very clear that the third party was responsible, and reassured customers that Visa has many security measures in place including encryption, tokenization and authentication using EMV chip technology.

Global Payments released a statement on Friday copping to the security beach, which it became aware of in early March of 2012. The idea of a data breach affecting major corporations like Visa is certain to cause cringing, especially with the bevy of massive and bold breaches in 2011. NY-based Dominican gangs are tentatively being named the scapegoats by some sources, but the companies are still investigating.

Global Payments stock reportedly dropped by 9 percent today. CEO Paul Garcia said, “It is reassuring that our security process detected an intrusion. It is crucial to understand that this incident does not involve our merchants or their relationships with their customers.”