Global Payments, Inc. (NYSE: GPN) (“Global”) has reported a significant data security breach for approximately 1.5 million credit card customers. According to a statement that Global released on Sunday, their investigation has revealed that “Track 2 card data may have been stolen, but that cardholders’ names, addresses and social security numbers were not obtained by criminals.” Using Track 2 data, a hacker can transfer a credit card’s account number and expiration date to a fraudulent card, and then use the fraudulent card for purchases.
As a result of the breach, Visa has removed Global from its list of companies that it considers to be “compliant services providers.” In an effort to calm consumers, Global issued a press release today assuring that “[b]ased on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained.”
The incident reinforces the importance of maintaining adequate data security. Companies must take ample precautions to secure their customers’ data, and if they fail to do so, they may be vulnerable to a serious security breach that could adversely affect their bottom line. As of the time of this post, Global’s stock price has fallen approximately 12% since the data breach news was announced. Even when following best practices in data security, companies still may face data security breaches. Despite these inevitable risks, companies should do everything reasonably required to protect against data breaches. If a company can show that it has taken the proper precautions, then this may mitigate or reduce potential liability in the event of a breach. After a breach, companies should ensure that they follow all of the strict legal requirements for notifying customers of the breach and remedying the effects of the breach. Doing so may greatly reduce a company’s exposure to customer lawsuits and government action against the company.©1994-2013 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.