Latest Security Breach Exposes 40 Million Credit Card Accounts to Potential Fraud

June 18, 2005
More than 40 million credit cards are potentially at risk in the largest security breach to come to light so far. MasterCard International Inc. has started notifying member banks of about 13.9 million accounts involved in the latest incident, which involved a card-processing operation in Tucson, Arizona.

CardSystems
• CardSystems Solutions Settles Federal Charges
• CardSystems Sells Out After Massive Data Breach
• Visa Gives CardSystems a Reprieve, Pending Sale to CyberSource
• Setback for Consumers in CardSystems Class Action
• CardSystems May Shut Down
• CardSystems Losing Big Customers
• Cardsystems Named in Class Action Suit
• States Want CardSystems to Provide Details of Data Breach
• Washington State Wants CardSystems to Provide Details of Data Breach
• Latest Security Breach Exposes 40 Million Credit Card Accounts to Potential Fraud
---
• More about Identity Theft ...

In a statement, MasterCard said the breach was traced to CardSystems Solutions Inc., a third-party processor of payment card data. It said the compromised data included names, banks and account numbers -- not addresses or Social Security numbers -- and said such data could be used to steal funds but not identities.

Consumers Protected

Consumers should watch their statements carefully and promptly reported any unauthorized charges to their card issuer. Under federal law, credit card holders are liable for no more than $50 of unauthorized charges, and many card issuers will waive the $50 in circumstances such as these.

"Consumers have strong protection if unauthorized charges are made on their MasterCard cards," MasterCard said. "In the U.S., MasterCard cardholders are protected by MasterCard's Zero Liability policy for unauthorized transactions on their accounts. If MasterCard cardholders have any reason to believe that their cards were used fraudulently, they should contact their issuing bank."

MasterCard said it has begun notifying its member banks of specific card accounts that may be vulnerable, so that those banks can take steps to prevent against fraud.

Visa USA did not immediately comment on the situation. American Express said that less than 0.5% of its domestic transactions are handled by CardSystems. Discover said it was "aware of" the situation but did not say whether any of its cardholders were affected.

"Single Individual" Blamed

MasterCard blames a single individual for the massive security breach. "(V)ulnerabilities allowed an unauthorized individual to infiltrate their network and access the cardholder data," MasterCard said.

The company said the perpetrator used "a virus-like computer script that captured customer data" but would not elaborate further. The FBI said it was investigating.

CardSystems officials said they first noticed a potential security breach on May 22 and contacted the FBI a day later. Visa, MasterCard, and other companies were notified as CardSystems brought in third-party security experts to review their systems.

"We understand and fully appreciate the seriousness of the situation," CardSystems said in a statement. "Our customers and their customers are our lifeblood. We are sparing no effort to get to the bottom of this."

Latest Incident

It's the latest in an embarrassing series of security breaches involving both consumer identity data. It appears to be the largest yet involving financial data, said David Sobel, general counsel at the Electronic Privacy Information Center.

"The steady stream of these disclosures shows the pressing need for regulation of the industry both in terms of limitation in the amount of personal information that companies collect and also liability when these kinds of disclosures occur," Sobel told the Wall Street Journal.

Congressional Action Urged

MasterCard urged Congress to enact wider application of Gramm-Leach-Bliley, the act that includes provisions to protect consumers' personal financial information held by financial institutions.

"Currently, GLBA only applies to financial institutions providing services to consumers, including MasterCard. MasterCard urges Congress to extend that application to also include any entity, such as third party processors, that stores consumer financial information, regardless of whether or not they interact directly with consumers," MasterCard said.

Sen. Charles Schumer (D-NY) said the incident is a reminder that Congress needs to move quickly to help consumers, who can face years of credit problems once their digital identities are stolen.

"Consumers’ personal and financial data has become the gold of the 21st century and we need to protect it accordingly," said Schumer, who has co-authored a bill that would require companies to take additional steps to curb data theft. The bill would also create standards for companies handling sensitive personal data.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

FREE CONSUMER NEWSLETTERS
The Daily Consumer Afternoons M-F Sign up now!	Consumer News & Alerts Every Sunday Sign up now!

CONSUMER NEWS

SAFETY RECALLS

MOST-VIEWED PAGES

NEW COMPLAINTS

Gugliotta Associates, New Rochelle, NY
Popelka Law Group, San Jose, CA
Realty Trade, Orlando, FL
BuyInflatables.com
Fifth Avenue Furniture, Brainerd, MN
Cheap2Dial
Mariner's Cove, Virginia Beach, VA
Ajay Contracting, Floral Park, NY
Harbor Basement Waterproofing, East Meadow
Crystal Windows & Doors, Chicago, IL
ChevyMall.com
Code 4 Towing, San Bernardino, CA
Chester Berg Toyota, Bemidji, MN
TNH Auto Wrecking, Las Vegas
Nash Auto, Costa Mesa, CA

Back to the top |

Custom Search

AUTOMOTIVE
• Dealers
• Manufacturers
• Service
• Extended Warranties
• Lemon Laws
• Recalls
• Tires
• Transporters

FAMILY
• Aging
• Children, Parenting
• Recalls
• Dating
• Education
• Entertainment
• Pets
• Weddings

FINANCE
• Annuities
• Banks
• Credit Cards
• Debt Collection
• Debt Counseling
• Insurance
• Investing
• Loans
• Mortgages
• Payday Loans
• Student Loans
• Tax Prep

HEALTH
• Doctors
• Drugs, Pharmacies
• Health Clubs
• Hearing Care
• Hospitals
• Nursing Homes
• Nutrition, Diets
• Vision Care
• Weight Loss

HOUSE & HOME
• Appliances
• Cookware
• Furniture
• Home Improvements
• Lawn & Garden
• Movers
• Pools & Spas
• Realtors, Rental Agents
• Recalls
• Utilities

ELECTRONICS
• Cable TV/DBS
• Cameras
• Cell Phones
• Computers
• Home Electronics
• Internet Access
• Local Phone Service
• Long Distance
• VoIP

SHOPPING
• Delivery Services
• In-Home
• Online
• Retail Stores
• Sporting Goods
• Supermarkets
• Telemarketers

TRAVEL
• Airlines
• Bus Lines
• Car Rental
• Cruises
• Hotels
• Travel Agents
• Trains

RESOURCES
• Class Actions
• Complaint Form
• Small Claims Guide
• Lemon Laws

CONSUMER NEWS
• Latest News
• Automotive
• Telecom
• Financial
• Health
• Homeowners
• Scams
• Seniors
• Travel
• More ...

RECALLS
• Automotive
• Children's Products
• Drugs
• Food
• Household Products
• Sporting Goods

ABOUT US
• FAQ
• Privacy Policy
• Advertise With Us
• Newsroom
• Syndication
• Terms of Use

Terms of Use Your use of this site constitutes acceptance of the Terms of Use

Advertisements on this site are placed and controlled by outside advertising networks. ConsumerAffairs.com does not evaluate or endorse the products and services advertised. See the FAQ for more information.

Company Response Welcome If complaints about your company appear on our site, we welcome your response. Please see the Response Form for more information.

For more information, see the FAQ and privacy policy. The information on this Web site is general in nature and is not intended as a substitute for competent legal advice. ConsumerAffairs.com Inc. makes no representation as to the accuracy of the information herein provided and assumes no liability for any damages or loss arising from the use thereof.