Concerns about credit-card security heightened Friday after a little-known Atlanta company disclosed it had been hit by hackers, potentially exposing hundreds of thousands of account holders to fraud.
The breach at Global Payments Inc. is the latest in a wave of data attacks that have heightened consumer concerns about identity theft. The card industry has been particularly vulnerable to those concerns amid a slew of big breaches in recent years as more Americans choose to pay with plastic rather than cash.
The extent of the breach couldn't be determined and it wasn't immediately clear if cardholders have seen fraudulent transactions. Consumers typically aren't liable for unauthorized purchases made on their cards.
The company declined to say how many cards were at risk, but people familiar with the investigation estimated that it could be hundreds of thousands.
The company said it "identified and self-reported unauthorized access into a portion of its processing system." It added that in early March it "determined that card data may have been accessed."
Global Payments didn't disclose what type of data had been accessed, but said it had notified "appropriate industry parties to allow them to minimize potential cardholder impact."
News of the breach broke in the morning but Global Payments confirmed it only after the market close. Global Payments shares tumbled 9% to $47.50 a share on the New York Stock Exchange, after people involved in investigating the breach identified the company to The Wall Street Journal as the victim of the attack. The stock was halted at midday. The company is scheduled to report quarterly earnings on April 4.
The breach underscores the mazelike network of the U.S. payment system, where little-known companies play important roles in processing billions of transactions each day. Global Payments is part of a group of companies called "third-party processors," that serve as middlemen between merchants and banks.