Home > Regions > North America > Data Privacy and Network Security Alert: Massive Data Breach at Credit Card Processing Company

Data Privacy and Network Security Alert: Massive Data Breach at Credit Card Processing Company

Visa, MasterCard and Discover have notified their issuing banks of a recent security breach at the seventh largest credit card processing company, which could affect up to 10 million cardholders. The breach occurred at Global Payments, Inc., an Atlanta-based company that assists the major credit card companies in processing transactions for merchants. Initial reports indicate that the breach occurred between January 21, 2012 and February 25, 2012, and the intrusion may be connected to Dominican street gangs in and around New York City. When news of the breach broke, Global Payments’ stock plunged as much as 14 percent and trading was halted on its stock. Global Payments has said that credit card data may have been stolen, but that cardholder names, addresses and social security numbers were not obtained. Both Visa and MasterCard have indicated that their own systems had not been compromised. 

This latest incident in a flurry of data breaches has heightened concerns about identity theft. Consumers should remain vigilant and take proactive measures to safeguard their personal information. If you suspect that your personal information has been compromised, here are some helpful steps you can take to minimize your damages:

  • Check recent credit card statements
    Given that this data breach occurred between late January and late February 2012, it is critical that you review your recent credit card statements from the past three or four months and those statements going forward to identify and immediately address fraudulent charges. Keep in mind that thieves often make several small charges to test your card before they make large purchases.
  • Enroll in credit monitoring
    Most companies affected by data breaches will offer their consumers complimentary credit monitoring for at least 12 months. Credit monitoring services, offered by the three major consumer reporting agencies (TransUnion, Equifax and Experian), provide you with unlimited access to your credit report and credit score. Credit monitoring services will notify you if there are any critical changes to your credit files, including fraudulent activity, new inquiries, new accounts, new public records, late payments, change of address, and more. Even if you are not offered complimentary credit monitoring, the nominal average cost of $15 a month for this service is worth the protection you will receive.
  • Place a fraud alert
    Whether or not you choose to use the credit monitoring services, you can place an initial 90-day “Fraud Alert” on your credit files. A fraud alert tells creditors to contact you personally before they open any new accounts. In order to place a fraud alert, you will need to call any one of the three major credit bureaus (as soon as one credit bureau confirms your fraud alert, they will notify the others to place fraud alerts).
  • Request a security freeze
    In addition, you may request a “security freeze.” Any consumer may place a security freeze on his or her credit report by sending a request in writing, by mail, to all three nationwide credit reporting companies. A security freeze prohibits, with certain specific exceptions, the consumer reporting agency from releasing your credit report or any information from it without the express authorization of the consumer. However, keep in mind that the security freeze may delay, interfere with or prohibit the timely approval of any subsequent credit or loan request or application you make that involves access to your credit report. There may also be a fee for placing, temporarily lifting or removing a security freeze with each of the nationwide consumer reporting companies, although that fee may be waived if you send the credit reporting company proof of eligibility by mailing a copy of a valid identity theft report, or other valid report from a law enforcement agency (police report) to show you are a victim of identity theft and are eligible for free security freeze services.
  • Free credit report information
    Under federal law, you are also entitled to one free credit report once every 12 months from each of the three major nationwide credit reporting companies. Call 1-877-322-8228 or make a request online at www.annualcreditreport.com.
  • Check your credit reports and financial statements regularly
    Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Checking your credit reports and financial statements frequently can help you spot problems and address them quickly.
  • Notify law enforcement and FTC of suspicious activity
    If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call your local law enforcement agency and file a police report. Get a copy of the police report, as many creditors will want the information it contains to absolve you of the fraudulent debts. You may also file a complaint with the FTC at www.ftc.gov/idtheft or reach the FTC at 1-877-IDTHEFT (1-877-438-4338) or 600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcers for their investigations.

If you have any questions, please contact:

James J. Giszczak

Dominic A. Paluzzi

or click on the link below:

Data Privacy and Network Security

McDonald Hopkins counsels businesses and organizations regarding all aspects of data privacy and network security, including proactive compliance with the numerous state, federal and private data security regulations (including PCI DSS and HITECH) relative to personal information and protected health information, training of employees and preventative measures to decrease the risk of data theft. We also counsel businesses and organizations through the data breach response process and coordinate notifications to affected individuals and state attorneys general, as well as advising on media related issues. Our attorneys can help you properly assess your risks to ensure compliance. After you complete the brief McDonald Hopkins Data Privacy and Network Security Review, your company will be provided with an assessment of the required areas of compliance which have the greatest need of attention and improvement.

Carl J. Grassi, President
600 Superior Avenue, East, Suite 2100, Cleveland, Ohio 44114
Fax: 312.280.8232
Fax: 216.348.5474
Fax: 614.458.0028
Fax: 248.646.5075
Fax: 1.305.704.3999
West Palm Beach
Fax: 561.472.2122
IRS CIRCULAR 230 DISCLOSURE: To ensure compliance with requirements imposed by the Internal Revenue Service, we inform you that any tax advice contained in this communication (including any attachments), was not intended or written to be used, and cannot be used, by any taxpayer for the purpose of (1) avoiding any penalties under the Internal Revenue Code or (2) promoting, marketing or recommending to another party any transaction matter addressed herein.

© 2012 McDonald Hopkins LLC All Rights Reserved. This Alert is designed to provide current information for our clients, friends and their advisors regarding important legal developments. The foregoing discussion is general information rather than specific legal advice. Because it is necessary to apply legal principles to specific facts, always consult your legal advisor before using this discussion as a basis for a specific action.