June 17, 2005
MasterCard Says Security Breach Affects 40 Million Cards
By TOM ZELLER Jr.
MasterCard International reported late this afternoon that more than 40 million credit card accounts of all brands, including 13.9 million MasterCards, may have been exposed to fraud through a security breach at a third-party payment processing company.
MasterCard said in a statement that its analysts and law enforcement officials identified a security hole at CardSystems Solutions, a company based in Tucson, Ariz., that processes more than $15 billion in Visa, MasterCard, American Express, Discover, online debit and electronic transfer transactions a year for small to midsize merchants and financial institutions.
An unauthorized person, MasterCard said, had been able to exploit this security vulnerability and gain access to CardSystems' network, exposing the credit card accounts of millions of customers.
MasterCard said Social Security numbers, dates of birth and other sensitive information that might contribute to identity theft are not stored on its cards, although the credit card accounts accessed could be vulnerable to fraudulent charges.
It was not immediately clear when the breach occurred, or if the individual or individuals who gained access to the data had been identified, but MasterCard executives said that CardSystems had already taken steps to improve the security of its system. "However," the company said in an announcement of the breach, "MasterCard is giving it a limited amount of time to demonstrate compliance with MasterCard security requirements."
MasterCard said it was also notifying customer banks of specific card accounts that "may have been subject to compromise so they can take the appropriate measures to protect their cardholders."
Representatives of the company were not immediately available for comment, but the breach represents one of the largest in a relentless string of security failures at financial institutions, data aggregators, media companies and other organizations that compile, store and transmit consumer data. The breaches have generated numerous state and federal bills aimed at curbing the persistent leaks and holding companies more responsible for their handling of consumer data.
"Hardly a week goes by without startling new examples of breaches of sensitive personal data reminding us how important it is to pass a comprehensive identity theft prevention bill in Congress quickly," said Senator Charles Schumer, Democrat of New York. "Consumers' personal and financial data has become the gold of the 21st century and we need to protect it accordingly."