On BNET: Online porn struggles for profits
BNET Business Network:
BNET
TechRepublic
ZDNet
76 TalkBacks

By Joris Evers
Posted on ZDNet News: Jun 17, 2005 11:38:00 PM

In what could be the largest data security breach to date, MasterCard International on Friday said information on more than 40 million credit cards may have been stolen.

Of those exposed accounts, about 13.9 million are for MasterCard-branded cards, the company said in a statement. Some 20 million Visa-branded cards may have been affected and the remaining accounts were other brands, including American Express and Discover.

MasterCard and Visa both say they have notified their member banks of the specific accounts involved so the banks can take action to protect cardholders.

"In sheer numbers, this is probably one of the largest data security breaches," said James Van Dyke, principal analyst at Javelin Strategy & Research in Pleasanton, Calif.

News.context

What's new:
In what could be the largest data security breach in the world to date, information on 40 million credit card accounts might have been stolen.

Bottom line:
The massive breach follows several high-profile data loss incidents that potentially exposed American consumers to identity theft. The incident also comes as the public expresses increasing concern over identity theft.

More stories on data security breaches

The breach occurred at CardSystems Solutions in Tucson, Ariz., a third-party processor of payment data, according to a MasterCard statement. An intruder was able to use security vulnerabilities to infiltrate the CardSystems network and access the cardholder data, MasterCard said.

CardSystems is one of several companies that process transactions for banks and merchants. The security breach at the company was discovered using tools that monitor for credit card fraud, MasterCard said.

Though credit card numbers were compromised, the cards themselves do not hold social security numbers or dates of birth, MasterCard said. This information could be used for credit card fraud, but not to steal identities.

Leslie Sutton, a spokeswoman for credit card company Discover, said the company is aware of the security breach and is working with law enforcement to investigate it. She noted that Discover Card holders would not be liable for any fraudulent transactions, should they occur.

Visa issued a statement saying it knows of the data security breach and is working with authorities and banks to monitor and prevent fraud. As with MasterCard and Discover, Visa noted that card users are not responsible for fraudulent transactions.

American Express could not immediately be reached for comment.

The credit card theft possibly occurred late last month, according to CardSystems. In a statement issued late Friday, the company said that it identified a "potential security incident" on Sunday, May 22 and called in the FBI the next day. Visa and MasterCard were notified as well, CardSystems said.

Since the breach, CardSystems has undergone a security audit and is changing its security procedures as a result, it said.

Tide of leaks
The breach follows several high-profile data loss incidents that potentially exposed American consumers to identity theft. Last week, CitiFinancial said tapes containing unencrypted information on 3.9 million customers were lost by the United Parcel Service while in transit to a credit bureau. CitiFinancial is the consumer finance subsidiary of Citigroup.

In past months, data leaks have been reported by Bank of America and Wachovia, data brokers ChoicePoint and LexisNexis, and the University of California at Berkeley and Stanford University.

Two recent surveys have highlighted growing worries about data protection. On Wednesday, the Cyber Security Industry Alliance reported that 97 percent of the American voters it polled said identity theft was a problem that needs addressing, and 64 percent wanted the government to do more to protect computer security.

In addition, a study commissioned by Adobe Systems and RSA Security found that eight out of 10 "senior-level professionals" in Washington, D.C., thought that lawmakers weren't doing enough to keep consumer data safe.

In the United States, MasterCard cardholders are protected against unauthorized transactions on their accounts. If cardholders believe their cards were used fraudulently, they should contact their bank, MasterCard said.

Credit card holders should monitor their accounts online for fraud, Javelin Strategy & Research's Van Dyke advised. "For identity fraud, the individual cardholder is most likely the first who will discover it," he said.

MasterCard is working with banks, CardSystems and law enforcement agencies on the security break-in.

CardSystems has taken steps to improve the security of its system, MasterCard said. Still, the credit card company has given the data processor an undisclosed deadline to demonstrate that its systems are now secure, it said.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 76 Talkback(s)
Gee It only leaves us open to fraud not to ID theft
Hummm gee its not so bad the hackers can only ruin us Financially instead of stealing our ID's
Does anybody see anything wrong with this picture ?
Are they saying we shouldn't worry because they can only take are credit and destroy it but they can't take our ID's am i missing something here ?... (Read the rest)
Posted by: grayfrier Posted on: 01/05/06 You are currently: a Guest | | Terms of Use
Understatement of the year...  Colonel_Panic | 06/17/05
No Credit Card?  RPerkins | 06/17/05
Let me rephrase...  Colonel_Panic | 06/17/05
That won't help you..  Patrick Jones | 06/17/05
I like cash, accepted everywhere and no...  Colonel_Panic | 06/17/05
Removing the marbles and boxing...  Colonel_Panic | 06/17/05
Citicards has virtual credit card numbers..  Xunil_Sierutuf | 06/17/05
About time folks GET A CLUE...  realitycheck101 | 06/17/05
I want specifics!!!  IT Scion | 06/17/05
:-[ (nt)  Colonel_Panic | 06/17/05
Found some!  IT Scion | 06/17/05
you'd think...  Monkey_MCSE | 06/17/05
Agree  Mark Miller | 06/18/05
What about competence checks?  Hugh Jass | 06/18/05
From the full story  IT Scion | 06/17/05
Wipe out all credit reports  jadav | 06/17/05
;-] (nt)  Colonel_Panic | 06/17/05
What software and hardware was hacked?  mlindl | 06/18/05
give you one guess  JasonL31 | 06/18/05
Had to be Linux  Loverock Davidson | 06/18/05
So you've broken into Linux systems and stole data then?  HypnoToad | 06/18/05
Strange, exchange the word linsux with Winsux and it...  Colonel_Panic | 06/18/05
Re: Had to be Linux...Nope Windose...  thetruth_z | 06/18/05
It is was a UNIX box that got hacked  ElvisChrist | 06/18/05
Actually...  Cardinal_Bill | 06/18/05
And  IT Scion | 06/18/05
And  Loverock Davidson | 06/19/05
Nope: Unix WILL be.. f their future boxes..  thetruth_z | 06/19/05
Nope: Unix WILL be their future boxes..  thetruth_z | 06/19/05
Mixed environment  Jeff the god of biscuits | 06/19/05
RE: Mixed environment  thetruth_z | 06/19/05
Fair estimate  Mark Miller | 06/19/05
I doubt it, but  Hugh Jass | 06/18/05
The second smartest IT post  mlindl | 06/18/05
How would you know?  Cardinal_Bill | 06/18/05
I know you are but what am I  Loverock Davidson | 06/18/05
My experiences with lots of distros...  Colonel_Panic | 06/19/05
I wish I could  Squawkbox | 06/18/05
It doesn't matter  osreinstall | 06/20/05
was it encrypted - nooooooo  JasonL31 | 06/18/05
I think it had to do with the method of attack  Mark Miller | 06/19/05
Hacker shopping spree?!  Julie8x | 06/18/05
Actually, the merchants end up eating it.  Hugh Jass | 06/18/05
What software hardware hacked?!  Julie8x | 06/18/05
And I bet Mastercard will leave it to the victims to clean up the mess.  HypnoToad | 06/18/05
Ownership Society  X41 | 06/18/05
Way past time to clip the cards in two  Boot_Agnostic | 06/18/05
Everyone pays sad  Julie8x | 06/18/05
Not sure I agree  DarbyOhara | 06/20/05
Well from the link below...  Linux User 147560 | 06/18/05
and it seems..  Monkey_MCSE | 06/18/05
$ukk$ when you have to explain...  Colonel_Panic | 06/18/05
Let's start the test with an easy one:  Hugh Jass | 06/18/05
False...  Colonel_Panic | 06/18/05
Correct!  Hugh Jass | 06/19/05
:-] (nt)  Colonel_Panic | 06/19/05
Mr. Jass...  Colonel_Panic | 06/19/05
Almost forgot...  Colonel_Panic | 06/19/05
Why Johnny Ringo, you look like somebody just walked over your grave.  Jeff the god of biscuits | 06/18/05
HE MENTIONS ME!! WOOT WOOT!! (NT)  Loverock Davidson | 06/18/05
Argue with that M$ fanboys. Hah! WTG...  Colonel_Panic | 06/18/05
Actually  IT Scion | 06/18/05
2 things  Loverock Davidson | 06/18/05
Put a damper on the enthusiasm  Mark Miller | 06/19/05
took 5 minutes to download!  An_Axe_to_Grind | 06/18/05
Any real details ??  michael_t | 06/18/05
Call me old fashioned  Justcauz | 06/19/05
Security breach hits two Countries  Julie8x | 06/19/05
Re: 2nd Smartest Post  Julie8x | 06/19/05
In God we trust. All other pay cash  osreinstall | 06/19/05
Loverock & Axe they're a .net Corp.  Gueze | 06/19/05
YOU MENTIONED ME!!  Loverock Davidson | 06/19/05
Netcraft site Microsoft ... why?  whisperycat | 06/20/05
It wont stop until CEO's and Managers go to Jail...  BitTwiddler | 06/20/05
Or it could be that  John Zern | 06/20/05
Gee It only leaves us open to fraud not to ID theft  grayfrier | 01/05/06

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads

Meet Doc

  • Here to help you with your Document Management Needs
  • Doc is an enigma. Born to a Russian ballerina and a German electrical engineer, he grew up in various locations in the United States. He’s seen the insides of more brands, versions, and generations of printer and printer-related hardware than almost anyone.
  • To learn more about this mysterious figure check out his blog on ZDNet and his Workspace on TechRepublic. You’ll be glad you did.
  • Produced by
    ZDNet and