RSS40 Million Credit Cards Exposed
By Ed Oswald and Nate Mook | Published June 20, 2005, 12:01 PM
Credit card processor CardSystems Solutions may have exposed nearly 40 million credit card numbers, according to information released over the weeked by MasterCard International. On Monday, nearly 200,000 cards were confirmed stolen, after a file containing the information was accessed by a hacker.
John Perry, CEO of CardSystems, told the New York Times the numbers resided in a file being used for research regarding why certain transactions were marked as "unauthorized or uncompleted." Perry admitted that the company was not following the policies of credit card companies by storing the card numbers.
13.9 million of the cards exposed were MasterCard-branded, while another 20 million were issued by Visa. The rest of the affected cards were from American Express, Discover, and others.
"We should not have been doing that," he told the paper. "That, however, has been remediated." He also assured that customer's data was secure, saying "we no longer store it on files."
The actions of CardSystems angered MasterCard enough to publicly disclose the security breach without first notifying CardSystems. "CardSystems provides services and is supposed to pass that information on to the banks and not keep it," MasterCard senior vice president Joshua Peirez said. "They were keeping it."
On Saturday, MasterCard warned that it could confirm at least 68,000 customers were at high risk, as it knew the card numbers had been exported from the system into the file CardSystems now admits to have stored. At least 100,000 Visa card numbers and 30,000 from various other companies are believed to be in the file as well.
It is believed that the break-in at CardSystems may be the largest case of exposed data ever. However, so far, only MasterCard has reported incidences of fraud on its members' accounts associated with the breach.
Visa, Discover and American Express have not seen any fraudulent activity as of yet, but said customers will not be responsible for any charges.
Incidents like this underscore my reasons for always paying with cash. Once again the consumer is on the losing end since it will take a lot of time and effort to repair the damage. Allowing banks to share and outsource credit information has been one of the worst ideas of the new century. There is no accountability, and a consumer cannot track who has or is accessing their credit and banking information.
Score: 0
|Serves them right! with more and more banks, corperations and companies outsourceing the IT departments, the hackers know that if the can get in, there will be at least 10 minutes before someone realizes somthing is up.When will companies realize that a strong IT department should also be up on security.
Score: 0
|Serves them right!? What about millions of card holders? I have to laugh out loud even though this makes me very angry. We hear this, seems like weekly. Who is protecting our information?
I sure hope the person that is securing that server is not a BetaNews subscriber. Management needs to be fired.
Score: 0
|More to the point, why was it necessary for CardSystems to store this information and why was it in a computer that could be hacked online. Just what is this company up to - could it have been stored with the intentions to have "a hacker" supposedly break in and commit the theft. Sounds very dodgy to me and I hope that Mastercard and the others have a real enquiry in to this matter. I also hope that if any of their customers have funds stolen, then CardSystems or the client companies pay up. Taking the contract away from CardSystems seems like it should be the first move as they have intentionally kept this information, which they should not have.
Score: 0
|And you can get your bottom dollar that the "reason" that they were holding onto the data wasn't the real one. They might sell it to credit bureaus or other CC companies. Lots of money in that.
Score: 0
|I for one feel that someone was paid to keep this info just to be stolen. I bet the more that it is looked into the more we will see pointing to this.
All to often this is happening and it will keep going on until people learn to stop them from keeping the info on file and to sue them. I hate to sue companies or people, I think that it is stupid in 90% of the cases and that most people that sue others should be cut and shipped to a desert some place alone, but in this type of case people should stop it by whatever means they have.
Score: 0
|Amazing. Simply amazing. All of this data theft is out of this world! So many companies have been breached it's like a joke! I cannot believe these companies are so weak with security! But I bet all the EXEC's have $5000 office chairs, and corner offices with windows, maybe even some pointy hair! At this rate you should consider joining the first national cookie jar bank.
Score: 0
|Kudos to MC for announcing the theft in such an expedient manner. As for cardsystems, saying sorry, we won't do it again, is astounding. The CC companies need to shut down all those cards with the details lost, reissue new cards, and cardsystems needs to pay for it. I smell a courtcase, criminal and civil.
Score: 0
|ouch... This Visa user says that really stinks.
Score: 0
|As I have said and will keep saying, " DON'T STORE THE INFORMATION FOR OTHER THAN TAX USE!!!!!!!".
Score: 0
|Perhaps you should attempt to say it with cohesion, proper use of grammar, instead of yelling, and people might possibly understand you.
Score: 0
|What are you trying to say? I don't understand.
Score: 0
|My card# ended up being one of the 68,000. Fortunatly my card company blocked my card from being used. Unfortunatly it happend just before I tried to pay for dinner with a group of people with my Mastercard. How embarassing.
Score: 0
|Oh, sorry I had a typo where I used a "t" when I ment to have a "n". Just shows how smart you are.
Score: 0
|