Global Payments confirmed late this afternoon that "card data may have been accessed," in a hacking episode in early March, said CNN in a breaking news report. The payments' processor didn't say how many accounts were compromised nor what type of card data was stolen, but said that it had "promptly" notified companies whose data was involved.
Krebs on Security posted a blog that said the breach could affect as many as 10 million card numbers. All major card brands have released statments and alerts about the breach.
In a blog post today, Gartner security analyst Avivah Litan said sources told her that hackers had already begun to use some of the stolen card data.
The Wall Street Journal reported on Friday that the hacking news caused Global Payments stock to drop 9 percent before sales of the company's shares were suspended. Trading did not resume for the rest of the day.
According to some in the security industry, the breach highlights PCI-DSS shortcomings. "Expect to see yet another round of almost religious fervor in the debate over the real value of PCI-DSS," Geoff Webb, director of product marketing at data-protection company Credant Technologies, said in an email.
For more on this topic, visit our security research center.