03 December 2016

CardSystems security breach exposed 40 million card accounts - MasterCard

20 June 2005  |  10520 views  |  0 mastercard logo

MasterCard says a security breach at Atlanta-based CardSystems Solutions, a third-party processor of payment card data, potentially exposed more than 40 million credit cards - of all brands - to fraud.

MasterCard says its team of security experts traced the breach to CardSystems. The incident is thought to be the largest security breach ever reported.

In a statement, CardSystems says it identified a potential security incident on Sunday May 22nd, which it reported to the FBI the next day.

MasterCard says around 13.9 million of the payment cards at risk are its own MasterCard-branded cards. Around 20 million Visa accounts are thought to have been compromised, while the remaining accounts were other brands, including American Express and Discover.

Jessica Antle, spokeswoman, MasterCard, told Reuters reporters that credit card information with names, account numbers and expiration dates of about 70,000 MasterCard cardholders had so far been found to have been taken out of a database system run by CardSystems.

She says that the firm has identified some incidences of fraud but it's "proportionally very small". Antle did not disclose whether the breach was by a CardSystems' employee or by a possible hacker outside the company - although the information is understood to have been lifted by a malicious spyware program.

But the chief executive of CardSystems, John Perry, has said that the company should not have been retaining the records that were breached. Perry told the New York Times that the exposed data was being stored for "research purposes" to determine why some transactions had registered as unauthorised or uncompleted. This goes against data protection and storage rules established by MasterCard and Visa.

In a statement, MasterCard has called on congress to extend the application of Gramm-Leach-Bliley Act (GLBA) - which includes provisions to protect personal financial data held by financial institutions - to cover third party processors. Currently, GLBA only applies to financial institutions providing services to consumers. MasterCard says the act should be extended to also include any entity, such as third party processors that stores consumer financial information regardless of whether or not they interact directly with consumers.
KeywordsLEGAL

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

FDIC warns staff of data breach

FDIC warns staff of data breach

17 June 2005  |  6925 views  |  0 comments
US bank workers charged with selling customer data

US bank workers charged with selling customer data

17 May 2005  |  9683 views  |  0 comments | 1 tweets
Spitzer turns fire on ID theft as DSW data breach deepens

Spitzer turns fire on ID theft as DSW data breach deepens

19 April 2005  |  8182 views  |  0 comments
HSBC credit card data exposed in security breach

HSBC credit card data exposed in security breach

14 April 2005  |  10600 views  |  0 comments
LexisNexis probe uncovers 59 security breaches

LexisNexis probe uncovers 59 security breaches

12 April 2005  |  6683 views  |  0 comments
Hackers access 5.5 million MasterCard and Visa accounts - Reuters

Hackers access 5.5 million MasterCard and Visa accounts - Reuters

18 February 2003  |  5928 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit capgemini.comFind out morehttp://www.financialcrimerisk.fiserv.com/aml?r=finextra

Top topics

Most viewed Most shared
Royal Mint to issue digital goldRoyal Mint to issue digital gold
6141 views comments | 22 tweets | 21 linkedin
ING pulls plug on P2P payments app TwypING pulls plug on P2P payments app Twyp
5478 views comments | 16 tweets | 15 linkedin
R3 and Calypso to develop blockchain trade confirmation systemR3 and Calypso to develop blockchain trade...
5399 views comments | 13 tweets | 12 linkedin
EBA told that tougher authentication will have a "chilling" effect on single marketEBA told that tougher authentication will...
5351 views comments | 18 tweets | 20 linkedin
UK challenger bank Masthaven opens for businessUK challenger bank Masthaven opens for bus...
5335 views comments | 15 tweets | 13 linkedin

Featured job

to Six-Figure Base, Bonus, Benefits
London, UK

Find your next job