"The company believes that the affected portion of its processing system is confined to North America and less than 1,500,000 card numbers many have been exported," they said.
"The investigation to date has revealed that Track 2 data may have been stolen, but that cardholder names, addresses and social security numbers were not obtained by the criminals. Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained."
"The company continues to work with industry third parties, regulators and law enforcement to assist in the efforts to minimize potential cardholder impact. It has engaged multiple information security and forensic firms to investigate and address this issue."
The company says that the breach happened in early March, but the alerts that VISA and MasterCard sent out last week pinpointed the compromise to a period between January 21 and February 25. Both companies were sure to mention that their own systems haven't been breached.
At the time, the two card companies didn't say which card transactions processor was affected, but the information was soon shared by Global Payments itself as rumors started flying and the Wall Street Journal received confirmation of the identity of the company from people involved in the investigation.
During the conference call held this morning, Global Payments' chairman Paul Garcia said that there have been no fraudulent transactions and has confirmed that VISA removed it from its registry of PCI DSS validated service providers, saying that they will immediately begin working on regaining that spot.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.