Some 50,000 credit and debit cardholders may have their information exposed following a security breach at Global Payments, according to The Wall Street Journal.
The full extent of the breach is still unknown, the Journal reported today, and it's unclear whether fraudulent charges on cardholders have been racked up yet.
Global Payments later released a statement saying the breach didn't involve its merchants or their customers. The company said it had determined early this month that card data may have been accessed, and alerted law enforcement.
"It is reassuring that our security processes detected an intrusion," CEO Paul Garcia said in the statement.
Still unclear from Global Payments' statement is the nature and scope of the attack.
Still, MasterCard and Visa, whose customers could potentially be affected, have sent out warning notices.
A MasterCard spokesman told CNET that it was investigating the potential compromise and has alerted payment card issuers to the possible risk.
"MasterCard is concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information," a spokesman said. He added that law enforcement has been called in to look at the matter.
Likewise, Visa has also alerted its customers, and like MasterCard, stressed there was no breach of its own systems.
"Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards," the company said in a statement to CNET.
Global Payments processes payments from credit, debit, and gift cards between merchants and banks. Because it sits in this middle ground directing where payment information goes, an attack on its system would leave a lot of private financial data exposed. The breach was initially reported on by KrebsonSecurity. The site warned that far more cards -- more than 10 million -- may be compromised.
The estimated window of the breach appears to be between January 21 and February 25, the Journal reported. Customers with concerns should contact the banks that issue their cards.