News and resources on cyber and physical threats to banks and fintechs worldwide.
Mastercard loyalty programme customers hit by data leak

Mastercard loyalty programme customers hit by data leak

Mastercard has notified regulators in Germany and Belgium about a loyalty programme data breach affecting the details of several thousand customers.

The card giant noticed on 19 August that customer data from the 'Priceless Specials' loyalty programme had made its way onto the internet for "a certain period of time", says a statement from the Belgian Data Protection Authority.

Names, payment card numbers, email addresses, home addresses, phone numbers, gender and dates of birth of a "large number" of customers were compromised. A "significant portion" of the victims are German, Mastercard says. Belgian authorities were notified because the company has its regional headquarters in Waterloo.

In a statement to Bloomberg, Mastercard says the breach "has no connection to Mastercard’s payment transaction network," adding that "there was an event involving the Specials loyalty platform in Germany managed by a third-party vendor, which resulted in the unauthorized distribution of certain information".

David Stevens, chairman, Belgian Data Protection Authority, says: "We have received a lot of questions and complaints since the announcement of this incident, we want to reassure users: we have contacted MasterCard in order to get additional information, and are following this case closely together with the Hessian data protection authority and all the other possible concerned authorities."

Comments: (2)

A Finextra member
A Finextra member 27 August, 2019, 15:10Be the first to give this comment the thumbs up 0 likes

I wonder why neither MasterCard or the Belgian Data Protection Authority aren't more transparent over the size and impact of the breach? "Certain period of time" and "significant portion" and "large number" all seems very wooly to me. They should disclose what they know without further delay.

Salman Amjad
Salman Amjad - Bank - Me 01 September, 2019, 06:171 like 1 like In the first place why these cards weren’t kept tokenized.