As many as one and a half million American credit card numbers have been stolen from payment processing company Global Payments.
But, says the company, while Track 1 and 2 card data may have been stolen, cardholder names, addresses and social security numbers appear to be safe. It says it's working with forensic firms, regulators and law enforcement to try and minimize the effects of the attack.
However, Track 1 and track 2 data can be used to allow the hackers to produce cards including the CVV/CCV code often required for online transactions, and already many fraud attempts have been made, mainly in the New York area.
Global Payments gives merchants access to the payment brokering networks such as MasterCard and VISA, both of which say their own networks weren't involved.
"We are making rapid progress toward bringing this issue to a close. Our nearly 4,000 employees around the world are focused on providing exceptional service," says chairman and CEO Paul R Garcia.
"We are open for business and continue to process transactions for all of the card brands."
VISA has now removed Global Payments from its list of approved service providers.
"There is much speculation about the source of the breach as many are reporting that the majority of the fraud is occurring in the greater New York City area, yet cards are being cancelled around the country," says Chester Wisniewski of Sophos.
"Fortunately consumers don't need to worry too much. Card issuing banks (Bank of America, Chase, etc.) are cancelling cards that are involved in the theft and card holders will not be held responsible for any fraudulent activity."