Case Study: Payment Card Data Breaches

Global Payments, an Atlanta$-$based payments processor, disclosed a data breach in March $2012.$

Research the event and answer the following questions:

A$.$ Global Payments

$1.$ Who first reported the incident?

$2.$ What are the dates associated with the compromise?

$3.$ What information was compromised?

$4.$ How many cardholders were affected?

$5.$ Is there any indication of how the data was acquired?

$6.$ Were losses sustained by any organization other than Global Payments?

$7.$ What type of notification was required?

B$.$ Prior to the breach, Global Payments was a certified Level $1$ PCI$-$compliant organization. Due to the breach, Global Payments was decertified and required to undergo a rigorous recertification process. Should a card data compromise be a trigger for decertification? Why or why not?