Over 40 million credit cards are at risk after a hack attack on
the systems of US payment card data processor CardSystems Solutions
Inc, it was revealed on Friday. MasterCard and Visa credit cards
have been affected by the breach.
The breach, which was initially detected in late May and
confirmed two weeks ago, has been kept quiet until now at the
request of the FBI.
According to MasterCard, security vulnerabilities in the systems
of Tucson-based CardSystems Solutions allowed a hacker to
infiltrate the network and access cardholder data, potentially
exposing more than 40 million cards of all brands to the risk of
fraud.
Around 13.9 million of these are MasterCard-branded cards, and a
reported 22 million Visa cards might also have been compromised.
American Express and Discover cardholders are also thought to be
affected.
MasterCard confirmed on Friday that it has notified its customer
banks of specific card accounts that may have been compromised, so
that they can take the appropriate measures to protect their
cardholders.
MasterCard stressed that no highly sensitive information, such
as social security numbers or dates of birth, is stored on
MasterCard cards. Nor are MasterCard cardholders generally liable
for fraudulent credit card use, so long as they advise the credit
card company that the card has been compromised. The cost of
meeting the fraudulent purchase generally falls on the merchant
from whom the goods were purchased.
According to reports, 68,000 MasterCard cardholders have already
found fraudulent charges on their accounts.
CardSystems Solutions has been given “a limited amount of time
to demonstrate compliance with MasterCard security requirements”,
said MasterCard, and the data processor has already taken steps to
improve the security of its system.
“We understand and fully appreciate the seriousness of the
situation,” CardSystems said in a statement on its web site. “Our
customers and their customers are our lifeblood. We are sparing no
effort to get to the bottom of this matter. Our goal is to
cooperate fully with the FBI to complete the investigation and
ensure that we do nothing that might compromise the
investigation.”
The announcement follows in the wake of several other highly
publicised consumer privacy breaches.
These include the loss of backup tapes containing the credit
card information of 1.2 million federal workers by Bank of America,
the loss of 145,000 customers' personal information to identity
thieves at data broker ChoicePoint and, most recently, the loss of
personal information relating to 3.9 million customers of a
CitiGroup subsidiary, after computer tapes containing the data were
lost in transit to a credit bureau.
According to Democratic Senator Charles Schumer:
"Hardly a week goes by without startling new
examples of breaches of sensitive personal data reminding us how
important it is to pass a comprehensive identity theft prevention
bill in Congress quickly. Consumers' personal and financial data
has become the gold of the 21st century and we need to protect it
accordingly."
Various proposals have already been put forward, including a
bill by Democratic Senator Dianne Feinstein to force companies to
notify consumers affected by security breaches and another by
Democratic Senators Schumer and Bill Nelson to tighten up laws
regulating data merchants and the sale and display of social
security numbers.
Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice.