28 July 2016
Find out more

CardSystems security breach exposed 40 million card accounts - MasterCard

20 June 2005  |  10415 views  |  0 mastercard logo

MasterCard says a security breach at Atlanta-based CardSystems Solutions, a third-party processor of payment card data, potentially exposed more than 40 million credit cards - of all brands - to fraud.

MasterCard says its team of security experts traced the breach to CardSystems. The incident is thought to be the largest security breach ever reported.

In a statement, CardSystems says it identified a potential security incident on Sunday May 22nd, which it reported to the FBI the next day.

MasterCard says around 13.9 million of the payment cards at risk are its own MasterCard-branded cards. Around 20 million Visa accounts are thought to have been compromised, while the remaining accounts were other brands, including American Express and Discover.

Jessica Antle, spokeswoman, MasterCard, told Reuters reporters that credit card information with names, account numbers and expiration dates of about 70,000 MasterCard cardholders had so far been found to have been taken out of a database system run by CardSystems.

She says that the firm has identified some incidences of fraud but it's "proportionally very small". Antle did not disclose whether the breach was by a CardSystems' employee or by a possible hacker outside the company - although the information is understood to have been lifted by a malicious spyware program.

But the chief executive of CardSystems, John Perry, has said that the company should not have been retaining the records that were breached. Perry told the New York Times that the exposed data was being stored for "research purposes" to determine why some transactions had registered as unauthorised or uncompleted. This goes against data protection and storage rules established by MasterCard and Visa.

In a statement, MasterCard has called on congress to extend the application of Gramm-Leach-Bliley Act (GLBA) - which includes provisions to protect personal financial data held by financial institutions - to cover third party processors. Currently, GLBA only applies to financial institutions providing services to consumers. MasterCard says the act should be extended to also include any entity, such as third party processors that stores consumer financial information regardless of whether or not they interact directly with consumers.
KeywordsLEGAL

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

FDIC warns staff of data breach

FDIC warns staff of data breach

17 June 2005  |  6830 views  |  0 comments
US bank workers charged with selling customer data

US bank workers charged with selling customer data

17 May 2005  |  9594 views  |  0 comments | 1 tweets
Spitzer turns fire on ID theft as DSW data breach deepens

Spitzer turns fire on ID theft as DSW data breach deepens

19 April 2005  |  8091 views  |  0 comments
HSBC credit card data exposed in security breach

HSBC credit card data exposed in security breach

14 April 2005  |  10504 views  |  0 comments
LexisNexis probe uncovers 59 security breaches

LexisNexis probe uncovers 59 security breaches

12 April 2005  |  6602 views  |  0 comments
Hackers access 5.5 million MasterCard and Visa accounts - Reuters

Hackers access 5.5 million MasterCard and Visa accounts - Reuters

18 February 2003  |  5840 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit VocaLink.comVisit capgemini.comVisit www.abe-eba.eu

Who is commenting?

Top topics

Most viewed Most shared
satelliteContactless Bitcoin startup Plutus Tap &am...
9590 views comments | 10 tweets | 4 linkedin
Apps crush internet for UK banking loginsApps crush internet for UK banking logins
8606 views comments | 19 tweets | 25 linkedin
Telefonica Germany launches Fidor-backed mobile banking serviceTelefonica Germany launches Fidor-backed m...
6801 views comments | 16 tweets | 22 linkedin
UK and South Korea build 'fintech bridge'UK and South Korea build 'fintech bridge'
5961 views comments | 13 tweets | 14 linkedin
hands typing furiouslyManaging Big Data After Brexit
5906 views 0 | 5 tweets | 8 linkedin

Featured job


Brussels (Belgium) or Paris (France)

Find your next job