We know from analysis of past breaches that 92% of breaches are reported by third parties, not internally. Other research substantiates this, noting that only 16% of breaches are detected internally and that 44% of breaches can take years to discover. Based on this data, it should not be a surprise to hear that companies who have suffered a breach are finding it may be more extensive than originally thought.
Payment card processor Global Payments reported that they had identified unauthorized access to its processing system in April, potentially affecting 1.5 million credit card numbers. However, it appears from the latest news that the original timeframe of the breach was underestimated. The timespan was originally estimated as approximating one month, starting in January 2012, but now may stretch back as early as June of the 2011. It's not clear how many more customers have been affected or notified of this breach.
As a result of the breach, and as reported on the Global Payments' security site, some credit cards have removed Global Payments from their list of PCI compliant service providers. Aside from the immediate fiscal fallout of having to react to this breach (notify customers, deal with PR, investigate), there appears to be a long-term impact affecting the perceived trust of this brand.