Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

40 Million Credit Cards Exposed

By Ed Oswald and Nate Mook, BetaNews

June 20, 2005, 12:01 PM

Credit card processor CardSystems Solutions may have exposed nearly 40 million credit card numbers, according to information released over the weeked by MasterCard International. On Monday, nearly 200,000 cards were confirmed stolen, after a file containing the information was accessed by a hacker.

John Perry, CEO of CardSystems, told the New York Times the numbers resided in a file being used for research regarding why certain transactions were marked as "unauthorized or uncompleted." Perry admitted that the company was not following the policies of credit card companies by storing the card numbers.

13.9 million of the cards exposed were MasterCard-branded, while another 20 million were issued by Visa. The rest of the affected cards were from American Express, Discover, and others.

"We should not have been doing that," he told the paper. "That, however, has been remediated." He also assured that customer's data was secure, saying "we no longer store it on files."

The actions of CardSystems angered MasterCard enough to publicly disclose the security breach without first notifying CardSystems. "CardSystems provides services and is supposed to pass that information on to the banks and not keep it," MasterCard senior vice president Joshua Peirez said. "They were keeping it."

On Saturday, MasterCard warned that it could confirm at least 68,000 customers were at high risk, as it knew the card numbers had been exported from the system into the file CardSystems now admits to have stored. At least 100,000 Visa card numbers and 30,000 from various other companies are believed to be in the file as well.

It is believed that the break-in at CardSystems may be the largest case of exposed data ever. However, so far, only MasterCard has reported incidences of fraud on its members' accounts associated with the breach.

Visa, Discover and American Express have not seen any fraudulent activity as of yet, but said customers will not be responsible for any charges.

Add a Comment (15 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By da vinci code

edited Mar 30, 2006 - 5:19 AM

If we must ecourage co-operations to shun the
outsourcing of vital technical departments, we must as well advise on the best way to rule out the law of comparative advantage in business.
It is a generational problem.who wants to loose?

Score: 0

By plumlipstick

posted Jun 21, 2005 - 8:50 PM

Incidents like this underscore my reasons for always paying with cash. Once again the consumer is on the losing end since it will take a lot of time and effort to repair the damage. Allowing banks to share and outsource credit information has been one of the worst ideas of the new century. There is no accountability, and a consumer cannot track who has or is accessing their credit and banking information.

Score: 0

By glenvdb

edited Jun 21, 2005 - 5:59 PM

Serves them right! with more and more banks, corperations and companies outsourceing the IT departments, the hackers know that if the can get in, there will be at least 10 minutes before someone realizes somthing is up.When will companies realize that a strong IT department should also be up on security.

Score: 0

By athome

posted Jun 22, 2005 - 11:57 AM

Serves them right!? What about millions of card holders? I have to laugh out loud even though this makes me very angry. We hear this, seems like weekly. Who is protecting our information?

I sure hope the person that is securing that server is not a BetaNews subscriber. Management needs to be fired.

Score: 0

By jofin

edited Jun 22, 2005 - 6:46 AM

More to the point, why was it necessary for CardSystems to store this information and why was it in a computer that could be hacked online. Just what is this company up to - could it have been stored with the intentions to have "a hacker" supposedly break in and commit the theft. Sounds very dodgy to me and I hope that Mastercard and the others have a real enquiry in to this matter. I also hope that if any of their customers have funds stolen, then CardSystems or the client companies pay up. Taking the contract away from CardSystems seems like it should be the first move as they have intentionally kept this information, which they should not have.

Score: 0

By TheRecklessWanderer

posted Jun 20, 2005 - 5:00 PM

And you can get your bottom dollar that the "reason" that they were holding onto the data wasn't the real one. They might sell it to credit bureaus or other CC companies. Lots of money in that.

Score: 0

By gawd21

posted Jun 21, 2005 - 9:40 PM

I for one feel that someone was paid to keep this info just to be stolen. I bet the more that it is looked into the more we will see pointing to this.
All to often this is happening and it will keep going on until people learn to stop them from keeping the info on file and to sue them. I hate to sue companies or people, I think that it is stupid in 90% of the cases and that most people that sue others should be cut and shipped to a desert some place alone, but in this type of case people should stop it by whatever means they have.

Score: 0

By Maxwolf

edited Jun 20, 2005 - 3:05 PM

Amazing. Simply amazing. All of this data theft is out of this world! So many companies have been breached it's like a joke! I cannot believe these companies are so weak with security! But I bet all the EXEC's have $5000 office chairs, and corner offices with windows, maybe even some pointy hair! At this rate you should consider joining the first national cookie jar bank.

Score: 0

By TheRecklessWanderer

posted Jun 20, 2005 - 2:46 PM

Kudos to MC for announcing the theft in such an expedient manner. As for cardsystems, saying sorry, we won't do it again, is astounding. The CC companies need to shut down all those cards with the details lost, reissue new cards, and cardsystems needs to pay for it. I smell a courtcase, criminal and civil.

Score: 0

By wincement

posted Jun 20, 2005 - 12:15 PM

ouch... This Visa user says that really stinks.

Score: 0

By gawd21

edited Jun 21, 2005 - 1:12 PM

As I have said and will keep saying, " DON'T STORE THE INFORMATION FOR OTHER THAN TAX USE!!!!!!!".

Score: 0

By Marticus

posted Jun 21, 2005 - 2:47 AM

What are you trying to say? I don't understand.

Score: 0

By mjm01010101

edited Jun 20, 2005 - 1:21 PM

Perhaps you should attempt to say it with cohesion, proper use of grammar, instead of yelling, and people might possibly understand you.

Score: 0

By gawd21

posted Jun 21, 2005 - 1:11 PM

Oh, sorry I had a typo where I used a "t" when I ment to have a "n". Just shows how smart you are.

Score: 0

By djderricke

posted Jun 21, 2005 - 6:03 AM

My card# ended up being one of the 68,000. Fortunatly my card company blocked my card from being used. Unfortunatly it happend just before I tried to pay for dinner with a group of people with my Mastercard. How embarassing.

Score: 0

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update

Nov 21 - 11:51 AM ET The Dell surprise: Higher earnings on lower revenue