21 February 2018
Visit www.avoka.com

CardSystems security breach exposed 40 million card accounts - MasterCard

20 June 2005  |  10843 views  |  0 mastercard logo

MasterCard says a security breach at Atlanta-based CardSystems Solutions, a third-party processor of payment card data, potentially exposed more than 40 million credit cards - of all brands - to fraud.

MasterCard says its team of security experts traced the breach to CardSystems. The incident is thought to be the largest security breach ever reported.

In a statement, CardSystems says it identified a potential security incident on Sunday May 22nd, which it reported to the FBI the next day.

MasterCard says around 13.9 million of the payment cards at risk are its own MasterCard-branded cards. Around 20 million Visa accounts are thought to have been compromised, while the remaining accounts were other brands, including American Express and Discover.

Jessica Antle, spokeswoman, MasterCard, told Reuters reporters that credit card information with names, account numbers and expiration dates of about 70,000 MasterCard cardholders had so far been found to have been taken out of a database system run by CardSystems.

She says that the firm has identified some incidences of fraud but it's "proportionally very small". Antle did not disclose whether the breach was by a CardSystems' employee or by a possible hacker outside the company - although the information is understood to have been lifted by a malicious spyware program.

But the chief executive of CardSystems, John Perry, has said that the company should not have been retaining the records that were breached. Perry told the New York Times that the exposed data was being stored for "research purposes" to determine why some transactions had registered as unauthorised or uncompleted. This goes against data protection and storage rules established by MasterCard and Visa.

In a statement, MasterCard has called on congress to extend the application of Gramm-Leach-Bliley Act (GLBA) - which includes provisions to protect personal financial data held by financial institutions - to cover third party processors. Currently, GLBA only applies to financial institutions providing services to consumers. MasterCard says the act should be extended to also include any entity, such as third party processors that stores consumer financial information regardless of whether or not they interact directly with consumers.
KeywordsLEGAL

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

FDIC warns staff of data breach

FDIC warns staff of data breach

17 June 2005  |  7207 views  |  0 comments
US bank workers charged with selling customer data

US bank workers charged with selling customer data

17 May 2005  |  10976 views  |  0 comments | 1 tweets
Spitzer turns fire on ID theft as DSW data breach deepens

Spitzer turns fire on ID theft as DSW data breach deepens

19 April 2005  |  9761 views  |  0 comments
HSBC credit card data exposed in security breach

HSBC credit card data exposed in security breach

14 April 2005  |  11411 views  |  0 comments
LexisNexis probe uncovers 59 security breaches

LexisNexis probe uncovers 59 security breaches

12 April 2005  |  6920 views  |  0 comments
Hackers access 5.5 million MasterCard and Visa accounts - Reuters

Hackers access 5.5 million MasterCard and Visa accounts - Reuters

18 February 2003  |  6235 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit http://info.nice.comVisit www.vasco.comVisit https://www.capgemini.com

Top topics

Most viewed Most shared
ABN Amro moves escrow accounts to the blockchainABN Amro moves escrow accounts to the bloc...
10116 views comments | 15 tweets | 13 linkedin
ECB launches staunch defence of cashECB launches staunch defence of cash
9712 views 10 comments | 22 tweets | 26 linkedin
Coinbase and Visa at loggerheads over erroneous charges on customer crypto accountsCoinbase and Visa at loggerheads over erro...
8477 views comments | 13 tweets | 12 linkedin
BBVA-backed digital banking startup targets gig economy workersBBVA-backed digital banking startup target...
7147 views comments | 8 tweets | 12 linkedin
hands typing furiouslyMaking Customer Experience Your Business
6851 views 0 | 7 tweets | 5 linkedin

Featured job

Find your next job