For the past few weeks, some of us have been in communication about reports about a second big processor breach. The good folks over at Open Security Foundation (OSF) went public on February 13 that they were getting multiple tips about the breach. This site was also hearing some of the same reports (perhaps from some of the same sources), but we were all pretty much stuck without actual confirmation that we could cite. Unlike the Heartland breach where we started finding banks in disparate areas reporting breaches, we simply weren’t finding anything yet on the more recent breach.

On Saturday, I was able to locate independent confirmation of the breach. I started posting the notices that I had uncovered, and alerted OSF’s Dave Shettler and other interested parties. The following day, Dave blogged more about the second breach. By Monday, mainstream media had picked up the story and the rumor mills as to the source of the breach kicked into high gear in some quarters.

Thanks to a more recent credit union notice that Jai Vijayan of Computerworld uncovered from the Alabama Credit Union, we now know that this is not just credit cards that have been affected, but that the breach also appears to involve “long lists” of compromised ATM/debit cards. Visa and MasterCard remain mute about the source of the breach, although once the confirmation was found, Visa confirmed to Computerworld that a processior “experienced a compromise of payment card account information from its systems,” and MasterCard’s statement referred to the processor as being in the U.S.

See the full report at databreaches.net.