In April, Global Payments announced a security breach that put up to 1.5 million credit card numbers at risk. On Tuesday, the payment processor confirmed that this breach has been "contained," and that its scope appears to have been relatively limited.
In a statement, Global Payments said it "believes that this incident is contained," and that it "has made substantial progress in its investigation and remediation efforts." The firm went on to say that the cyber attack implicated "no more than 1.5 million" credit cards within its North American processing system, and that its investigation suggests that the leaked information was limited to "Track 2" data — card numbers and expiration dates.
The Atlanta-based agency acknowledged, however, that it remains "unclear whether the intruders looked at or took any personal information" from its systems. Global Payments didn't specify what this personal information could include, nor did it indicate whether any suspects have been identified, though it vowed to notify potentially-affected customers within the coming days, and to provide monitoring services and identity protection insurance "at no cost."
"We sincerely apologize for this incident and are working diligently to conclude our investigation," Chairman and CEO Paul R. Garcia said in a statement. "We are committed to fully resolve any issues arising from this matter and we, of course, continue to provide uninterrupted transaction processing for our customers worldwide." Global Payments says it will provide another update on its investigation no later than July 26th.