Feeds

MasterCard fingers partner in 40m card security breach

Record setting lapse

  • alert
  • submit to reddit

High performance access to file storage

MasterCard has blamed a single individual for compromising up to 40m credit card accounts - a total marking the security breach as one of the most massive to date.

In a PR nightmare for a financial services company, MasterCard issued a statement saying it had notified banks, payment processors and law enforcement officials of the credit card crack. MasterCard identified CardSystems Solutions - a third-party that processes payments - as owner of the compromised system that revealed the huge amount of customer accounts.

"(V)ulnerabilities allowed an unauthorized individual to infiltrate their network and access the cardholder data," MasterCard said.

To its credit, MasterCard was quick to notify the public about the issue, saying up to 14m of its credit cards were affected. Other credit card companies have yet to put out statements on the matter, although a Visa spokeswoman was quoted as saying up to 22m of the company's cards could have been compromised.

These types of security breaches have become all too common. Organizations such as LexisNexis, ChoicePoint, PayMaxx, Bank of America, San Jose Medical Group, California State University at Chico, Boston College, the University of California at Berkeley, and a large shoe retailer called DSW have all reported the loss of sensitive data. Millions of people have been affected as a result.

CardSystems discovered a "potential security incident" on May 22 and notified the FBI about the problem the next day. As investigators looked into the situation, CardSystems began an internal security audit and hired a firm to assess the security of its systems.

"CardSystems is completing the installation of enhanced/additional security procedures recommended by the security assessor involved in the investigation," the company said.

"We understand and fully appreciate the seriousness of the situation. Our customers and their customers are our lifeblood. We are sparing no effort to get to the bottom of this matter. Our goal is to cooperate fully with the FBI to complete the investigation and ensure that we do nothing that might compromise the investigation."

MasterCard was quick to point out that it does not store prized information such as social security numbers or dates of birth on its cards.

"Protecting cardholders, preventing fraud, and safeguarding financial information is a top priority at MasterCard," the company said. ®

Related stories

GAO gives US.gov D- for security
Make ID cards foolproof pleads Met chief
Motorola downplays data security breach
Citibank admits: we've lost the backup tape
Online gamers targeted in Korean MSN hack attack
US bank staff 'sold customer details'
Adventurous squirrels swap passwords for coffee beans

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.