- Global Payments Inc., the electronic-transaction processor, had trading halted as the credit-card industry investigated a data breach that affected firms including Visa Inc. and MasterCard Inc.
Global Payments dropped 9.1 percent to $47.50 when trading was halted in New York, after earlier plunging more than 13 percent. The Wall Street Journal reported that the Atlanta-based firm was hit by a security breach that may have put 50,000 cardholders at risk. MasterCard slipped 1 percent to $424 at 3:11 p.m. Visa fell 0.6 percent to $118.29.
Visa and MasterCard, the largest payments networks, said in statements that account data may have been compromised at a third-party “entity” and that their own systems weren’t breached. The event may affect data from all major card brands, San Francisco-based Visa said. Neither firm specified how many customers may be affected.
“The incident is currently the subject of an ongoing forensic review by an independent data-security organization,” said Purchase, New York-based MasterCard, adding that card issuers and law enforcement were also notified. “MasterCard is concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information.”
Global Payments’s chief executive officer, Paul Garcia, didn’t respond to a message seeking comment. The company’s stock had climbed 10 percent this year through yesterday -- a gain that was erased by today’s plunge.
Brian Krebs’s krebsonsecurity.com, which tracks cybercrimes and potential threats, reported the breach earlier today, prompting MasterCard’s statement before the Wall Street Journal identified Global Payments. More than 10 million card numbers may have been compromised, Krebs wrote, citing unidentified people in the financial industry.
That figure is dwarfed by the theft of 130 million credit-and debit-card records years ago from Heartland Payment Systems Inc. and other companies, said David Koning, an analyst at Robert W. Baird & Co., in a note to clients today. That case led to the sentencing of a Miami computer hacker in 2010.
While Heartland’s costs from the incident amounted to about $147 million, the firm didn’t lose merchant customers as a result and its stock has since regained initial losses, Koning wrote. The Princeton, New Jersey-based company’s shares have climbed 120 percent since the end of 2009. The breach reported today “is in no way related to Heartland,” the firm said in a statement.
“You hear about a breach and you think to yourself, ‘Well how big could this really be?’” Koning said in an interview. “That creates uncertainty across the whole ecosystem.”