Global Payments, a major credit card processing company, has reportedly been hacked. That means each of the four major credit card companies, and according to reports, as many as 10 million customers are at risk.
The story has been developing throughout the morning. Right now, it goes like this: Hackers gained access to an administrative-privileged account at a New York City taxi company and, over the course of several months, stole 10 million credit card numbers. They've been sitting on them, waiting to spend all at once to maximize the time before they're shut down.
The Wall Street Journal puts the number of compromised accounts around 50,000, which is a far cry from 10 million. The massive number had originally been sourced to a post from a Gartner analyst, and while it seems a little far fetched that a cab company would have millions of numbers, we'd still err to caution.
Visa and Mastercard have both issued statements explaining the breach, but stressed that their networks were not specifically breached. Though that doesn't really matter if you're affected by the hack of "third-party processor" Global Payments. No word yet from American Express or Discover, but both are accepted by official NYC cabs.
Third-party processors like Global Payments or PayPal simplify accepting credit cards for small or spread out merchants. So a cab using GP is about the same as an eBay seller using PayPal, and this hack affects users the same way a PayPal hack would. Which is to say, very seriously.
Everyone seems to be scrambling to figure out what's going on here, including credit card companies. What we're going on right now is that this is probably based out of New York, and probably confined to those who've paid for a cab with a credit card. If you fit that description, think about preemptively checking in with your card company to protect yourself. [Gartner, PhysOrg, CNN, WSJ]
Update: Bank of America and Chase have apparently been alerting their customers about this breach for weeks, but not providing specifics beyond their individual accounts. And in some cases, alerted customers received fraudulent charges even after a card had supposedly been shut down.
Thanks Lauren & iomegaman5