Computer Crime Research Center


MasterCard: 40M Credit Card Accounts Exposed

Date: June 28, 2005
By: Clint Boulton

In what is considered one of the largest security breaches, MasterCard International said information on more than 40 million credit cards lay exposed at credit card processor CardSystems Solutions.
Exposed data included holder names, banks and account numbers. No Social Security numbers, birth dates or other personal information were stored on the accounts.

Roughly 13.9 million cards were of the MasterCard brand, said MasterCard, which pinpointed the breach at CardSystems, an Atlanta-based company that processes transactions between financial services firms and merchants. Visa and American Express also said data was exposed through CardSystems.

MasterCard said in a statement that it used fraud-fighting tools to identify the breach, which could have allowed a perpetrator to access cardholder data on the CardSystems computer network. A security team then worked with CardSystems to neutralize the vulnerabilities in the systems.

CardSystems said in a statement it alerted the FBI to the possibility of a security gaffe in May. The processing company then installed new security gear to ensure all systems were secure and solicited a third party to validate systems security.

"We understand and fully appreciate the seriousness of the situation," CardSystems said in a statement. "Our goal is to cooperate fully with the FBI to complete the investigation and ensure that we do nothing that might compromise the investigation."

While CardSystems has attempted to boost its security, MasterCard said it is giving the third-party processor a limited amount of time to comply with MasterCard security requirements.

The Purchase, N.Y., credit card purveyor also notified its customer banks of specific card accounts that may have been subject to compromise.

The company also reiterated its desire to have Congress enact a wider application of the Gramm-Leach-Bliley Act, which includes provisions to protect consumers' personal financial information held by financial institutions.
GLBA only applies to financial institutions that service consumers, including MasterCard. MasterCard said it would like Congress to extend that application to include any entity, such as third-party processors like CardSystems, that stores consumer financial information.

Such breaches are anything but new. The difference is that there have been plenty of high-profile data exposure cases of late, throwing more light on the issue.

Recently, UPS lost data storage tapes containing the personal information of 3.9 million customers serviced by CitiFinancial. Bank of America and Time Warner had similar cases earlier this year.

The Senate is considering legislation that would provide consumers with notice that their personal data may have been exposed. California's similar law already mandates such notices.