Mastercard has notified regulators in Germany and Belgium about a loyalty programme data breach affecting the details of several thousand customers.
The card giant noticed on 19 August that customer data from the 'Priceless Specials' loyalty programme had made its way onto the internet for "a certain period of time", says a statement from the Belgian Data Protection Authority.
Names, payment card numbers, email addresses, home addresses, phone numbers, gender and dates of birth of a "large number" of customers were compromised. A "significant portion" of the victims are German, Mastercard says. Belgian authorities were notified because the company has its regional headquarters in Waterloo.
In a statement to Bloomberg, Mastercard says the breach "has no connection to Mastercard’s payment transaction network," adding that "there was an event involving the Specials loyalty platform in Germany managed by a third-party vendor, which resulted in the unauthorized distribution of certain information".
David Stevens, chairman, Belgian Data Protection Authority, says: "We have received a lot of questions and complaints since the announcement of this incident, we want to reassure users: we have contacted MasterCard in order to get additional information, and are following this case closely together with the Hessian data protection authority and all the other possible concerned authorities."