The hack into Visa and MasterCard payment processor Global Payments turns out to have been massive, exposing 1.5 million customers' information (including account numbers) and costing the third-party contractor its spot on Visa's registry of secure providers.
When news of the data breach hit on Friday, the scope was a little unclear. But on Sunday night, Global Payments announced that up to 1.5 million accounts had been compromised and that "the thieves 'exported' the information, which is typically more serious than hackers who are only able to break in and view the data," according to The Wall Street Journal's Robin Sidel. The stolen credit card data can be used to create counterfeit cards that charge to unsuspecting customers' accounts. "The company said that credit card data may have been stolen, but that cardholder names, addresses and Social Security numbers were not obtained," the Associated Press reported.
Fortunately for all involved, the size of the breach didn't reach the 10 million suggested by Brian Krebs at Krebs on Security Friday. But it's still been hard on Global Payments: After the company revealed the scope of the attack, Visa removed it from its list of approved processors (though the company continues to process Visa charges, the Associated Press reports). Global Payments' stock has also fallen dramatically since the breach was made public.