19 June 2018
Visit www.gemalto.com

Equifax hack: Visa and Mastercard flag 200k compromised credit cards

15 September 2017  |  18808 views  |  2 credit card

The details of more than 200,000 Visa and Mastercard cards were stolen during the recent cyber-breach at credit referencing firm Equifax.

Visa and Mastercard have been sending out confidential alerts - seen by security blogger Brian Krebs - to financial institutions across the US warning about the compromised cards.

Visa says that the window for the exposure is between 10 November 2016 and 6 July 2017, although Equifax says that hackers did not gain access to its systems until the middle of May. The thieves managed to access card account numbers, expiration dates, and cardholder names - enough information for online purchases.

Equifax first admitted that its systems had been breached on 7 September, with hackers exploiting a US website application vulnerability to steal the personal details of approximately 143 million US consumers.

Since then, the company has faced a barrage of criticism adnd the threat of a multiple law suits for the hack and for its response. With an FTC probe on the cards, Senate Minority Leader Chuck Schumer called the breach “one of the most egregious examples of corporate malfeasance since Enron”, while Senator Elizabeth Warren is today introducing legislation designed to give consumers more control over the data credit companies collect.

Some British customers have been affected. Although Equifax says that its UK systems were not hit, a file containing some data was stored in the US. Names, dates of birth and email addresses - but not financial data - of fewer than 400,000 people may have been compromised.

Meanwhile, the alarm has been raised over Equifax's Argentinian website. According to Krebs, an employee portal is protected with the laughable username 'admin' and password 'admin', enabling researchers to break in and find sensitive information.

Comments: (2)

A Finextra member
A Finextra member 16 September, 2017, 09:42

So the hackers managed to access the encrypted card database that Equifax must have had if it was operating to PCI 1 Standards?

If Equifax were not minded to encrypt and tokenize card data then why on earth did they not outsource card processing and  storage to someone who could?  .....  The cost of third party processing and data storage would be minimimal compared to reputational and stock price damage.

Have to ask Is there a PCI Audit issue here as well as disasters generally need two or more causative inputs?    

You could say "there but for the grace of God - go I"But God has little  to do with this -  just shoddy housekeeping.  Still EMV and 3DS will protect the cardholder and issuing banks (if Merchants have  adopted, and Equifax didnt store the CVV/CVC value too!  Who knows.....)

1 thumb up! 1 thumb up!
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 16 September, 2017, 13:30

"The thieves managed to access card account numbers, expiration dates, and cardholder names - enough information for online purchases."

How? Without CVV, how can the hacker make online purchases? And I'm talking about 1FA regimes like USA where VbV / MSC / Mobile OTP are not required for online card usage.

Be the first to give this comment the thumbs up 0 thumb ups!
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Huge Equifax breach hits 143 million consumers

Huge Equifax breach hits 143 million consumers

08 September 2017  |  9186 views  |  2 comments | 5 tweets | 14 linkedin
Number of US data breaches jumps 40% in 2016

Number of US data breaches jumps 40% in 2016

20 January 2017  |  8329 views  |  0 comments | 7 tweets | 18 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit iliad-solutions.com/Visit equensworldline.com

Who is commenting?

A Finextra member Finextra Member Commented on: BIS: Cryptocurrencies...
A Finextra member Finextra Member Commented on: BIS: Cryptocurrencies...
A Finextra member Finextra Member Commented on: Monzo launches bill tr...
A Finextra member Finextra Member Commented on: NatWest taps Open Bank...
A Finextra member Finextra Member Commented on: HSBC promises $17bn in...

Top topics

Most viewed Most shared
10,000 jobs could be lost to robots says Citi10,000 jobs could be lost to robots says C...
48751 views comments | 44 tweets | 35 linkedin
Ripple exec says DLT not ready for banks...yetRipple exec says DLT not ready for banks.....
10513 views comments | 9 tweets | 32 linkedin
UK launches £2.5bn startup initiativeUK launches £2.5bn startup initiative
9432 views comments | 30 tweets | 26 linkedin
HSBC promises $17bn investment in technologyHSBC promises $17bn investment in technolo...
8327 views comments | 8 tweets | 21 linkedin
Live: EBAday2018, day oneLive: EBAday2018, day one
8154 views comments | 6 tweets | 5 linkedin

Featured job

Competitive base + commission + benefits
London, UK

Find your next job