The Atlanta-based company, which processes credit and debit card transactions for Visa and MasterCard, recently revealed that hackers gained access to no more than 1.5 million card numbers.
But the Global Payments breach is another reminder that despite all of our attempts to keep personal information out of the hands of thieves — shredding documents and frequently changing passwords — we still are vulnerable.
"We talk so much about what to protect our computer from — viruses and not going to the wrong site and giving away your passwords. Then the server that has all the credit cards gets compromised," says Avi Rubin, a computer science professor at the Johns Hopkins University. "All of that protection we tell the consumer to take with their own data goes out the window."
For years, security experts say, companies wrote off identity theft fraud as a cost of doing business. Only after such theft began to heavily eat into profits did businesses — usually large ones — start taking security seriously.
But plenty of others need to catch up. Data breaches that potentially put us at risk of financial identity theft occur on average at least once a day — often at hospitals and schools.
The Privacy Rights Clearinghouse has tracked such breaches since 2005, and has recorded more than 3,000, involving 546 million records. Some are sophisticated attacks, but many are the result of simple carelessness. For example, one of the 591 breaches reported last year occurred in the Texas comptroller's office, which had publicly posted for a year or more the Social Security numbers of 3.5 million workers.
And what happens to consumers who have their identities stolen? A new report from the Federal Trade Commission says some victims who contact credit reporting agencies for help complain that the companies push them into buying fraud prevention products.
More than products, consumers need companies and organizations to invest in security technology and train their employees to keep our information safe.
Of course, not all data breaches are equally serious or lead to identity theft.
Breaches that expose names, addresses and emails are the least worrisome.
"You only have to worry about phishing," says Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse. That's where con artists send you an authentic-looking email from a company or agency, trying to trick you into revealing sensitive information.
The most serious cases occur when thieves steal Social Security numbers and birth dates.
"That really allows a fraudster to pose as us and open accounts in our names," says Steve Coggeshall, chief technology officer for ID Analytics, a risk assessment company.
The Global Payments breach — exposing card numbers and expiration dates — falls somewhere in between, experts say.
"With this particular breach, the consumer could be exposed to existing account fraud," Stephens says.
That means thieves could go on a shopping spree using your current account, but can't open a new line of credit. This type of fraud also won't be picked up through credit monitoring services that look for new account fraud, Stephens says.
Security experts say we may never know if the Global Payments breach leads to identity theft.