We’re not out of the woods on this one yet.  As I’ve previously written, the breach of credit and debit card accounts at Global Payments, Inc. was originally thought to have only gone back to June 2011.  That was bad news, especially given the uncertainty around the exact number of accounts that were breached.

In its April 1st announcement, Global Payments said only 1.5 million accounts were affected; advisories had gone out to Visa and MasterCard alerting them so they could, in turn, send advisories to their issuing banks.  Sometime in May, Global Payments sent an updated alert to Visa and MasterCard about potentially more accounts being affected since they said the breach could have been occurring since March 2011.

Now it looks as if the breach started back in January 2011 — and that nearly 7 million credit and debit card accounts could have been exposed.  That’s a magnitude so much greater than Global Payments is admitting.  In fact, on May 15th, Visa and MasterCard sent, respectively, another alert to their issuing banks to warn them to be on the look out for fraud.  Those alerts were likely generated by Visa and MasterCard when Global Payments told them that the breach could go back to January 2011.  This disclosure was made by Tracy Kitten in a May 16th article for BankInfoSecurity.com (“Global Breach Date Now Jan. 2011”) and reported by Brian Krebs at his KrebsonSecurity.com.

We might have felt reassured that our card accounts weren’t affected since the breach was so old by now.  Not true as Avivah Litan, a fraud analyst at Gartner Research, has stated.  The potential fraud can still happen given this ever expanding time period.

What does this mean in practical terms?  It means that our private financial information could still be at risk.  We need to keep vigilant about reading our credit card and bank statements.  Immediately contact your card issuing bank if you see anything that looks suspicious.  And read anything that comes from your bank as it could be an updated alert about your credit and/or debit card accounts.