Global Payments, the payments processing company that suffered a data breach affecting up to 1.5 million credit card holders earlier this year, says it has uncovered new evidence of "unauthorised access" to servers containing personal data.
"Our ongoing investigation [into the original breach] recently revealed unauthorised access to personal information collected from a subset of merchant suppliers," the company revealed yesterday. "It is unclear whether the intruders looked at or took any personal information from the company’s systems; however, the company will notify potentially affected individuals in the coming days."
It added that the personal information in question was not related to credit card holders, but US companies applying to be approved merchants.
Global Payments also revealed that following the data breach in April, some credit card providers "removed us from their list of PCI compliant service providers". These providers included Visa. It said it will revalidate its PCI compliant status with the companies once its investigation into the data breach is complete.
"We have hired a Qualified Security Assessor (QSA) to conduct an independent review of the PCI compliance of our systems," it said. "Once that review is complete and we conduct any required remediation, we anticipate returning of the list of PCI compliant service providers."
The company said that its investigation has confirmed that only ‘Track 2’ data, which does not include the card holders name or address, was compromised in the original breach.