The payments processor announced March 30 that it had uncovered the breach early in the month and that it had “immediately engaged external experts in information technology forensics and contacted federal law enforcement” and that it “promptly notified appropriate industry parties to allow them to minimize potential cardholder impact.”
Later, on April 2, the company announced that 1.5 million accounts were compromised but called the breach “contained.”
Because the breach compromised card numbers as well as data from both Tracks 1 and 2 but not additional data such as billing addresses, three digit security codes and passwords, the insurer warned that thieves may try to obtain that information from consumers through fraudulent communications.
“This card information was not part of the recent Global Payments breach. Criminals may ask members for this information to add to the other card data they may have obtained from the breach to perform card present (key entered) or card-not-present (mail/telephone/internet) non-magnetic stripe transactions,” CUNA Mutual said in the alert.
The insurer maintained its advisory that credit unions should warn their members against ever responding to emails, text messages or phone calls requesting this type of information. If a member receives a suspicious request, they should be advised to immediately contact the credit union.
Alerting members of this potential phishing campaign may help curb the potential for ID theft that may result from the recent card breach, CUNA Mutual said.