March 30 (Bloomberg) -- Global Payments Inc., the transaction processor that plunged today on a report that account data may have been compromised, said it detected a possible breach weeks ago and told federal authorities.
“In early March 2012, the company determined card data may have been accessed,” the Atlanta-based firm said today in a statement four hours after its shares were halted, without specifying how many accounts may be affected. “The company promptly notified appropriate industry parties to allow them to minimize potential cardholder impact. The company is continuing its investigation into this matter.”
Global Payments’s stock plunged (GPN:US) as much as 13.7 percent, and was down 9 percent when its trading was stopped, after the Wall Street Journal reported the firm was hit by a security breach that may have put 50,000 cardholders at risk. A separate report on krebsonsecurity.com, which tracks cybercrimes, said more than 10 million accounts may have been affected by an incident in the payment industry.
Amy Corn, a spokeswoman for Global Payments, declined to comment beyond its statement. Shares of the firm, led by Chief Executive Officer Paul Garcia, had climbed 10 percent this year through yesterday -- a gain that was erased by today’s drop.
The company “identified and self-reported unauthorized access into a portion of its processing system,” according to its statement. “It immediately engaged external experts in information technology forensics and contacted federal law enforcement.”
Visa Inc. (V:US) slipped 0.8 percent, and MasterCard Inc. (MA:US) fell 1.8 percent. The companies, which rank as the world’s biggest payments networks, said in statements that their own systems weren’t breached. An event at a third-party entity may affect data from all major card brands, San Francisco-based Visa said. Neither firm specified how many customers may be affected.
“MasterCard is concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information,” the Purchase, New York-based firm said.
The report on krebsonsecurity.com, run by former Washington Post journalist Brian Krebs, prompted MasterCard’s statement before the Wall Street Journal identified Global Payments. Krebs cited unidentified people in the financial industry in estimating that more than 10 million accounts may be involved.
That figure is dwarfed by the theft of 130 million credit- and debit-card records years ago from Heartland Payment Systems Inc. (HPY:US) and other companies, said David Koning, an analyst at Robert W. Baird & Co., in a note to clients today. That case led to the sentencing of a Miami computer hacker in 2010.
While Heartland’s costs from the incident amounted to about $147 million, the firm didn’t lose merchant customers as a result and its stock has since regained losses, Koning wrote. The Princeton, New Jersey-based company has climbed 120 percent since the end of 2009. The breach reported today “is in no way related to Heartland,” the firm said in a statement.
“You hear about a breach and you think to yourself, ‘Well how big could this really be?’” Koning said in an interview. “That creates uncertainty across the whole ecosystem.”
To contact the reporter on this story: Donal Griffin in New York at firstname.lastname@example.org
To contact the editor responsible for this story: David Scheer at email@example.com.