The security breach occurred at a Merchant Processor. Visa is not disclosing the name or location of the Merchant Processor. This is a very large compromise, similar to the Heartland compromise, but slightly smaller. Track Data WAS NOT compromised, only account numbers and expiration dates. http://www.databreaches.net/?p=1686 these breaches are obviously bad for our industry, as when the card data is resold, much of those cards are used for affiliate sales, especially when you get info that is primarily useful online, these are becoming more and more frequent