Reports: Breached Data Were Stored Without Authorization

Share this content:
Unauthorized storage of credit and debit card transaction data led to a security breach at third-party credit and debit card processing firm CardSystems Solutions Inc. that potentially exposed 40 million cardholders to risk, according to a report in The New York Times yesterday and The Associated Press.

CardSystems, Tucson, AZ, which claims to process $15 billion in Visa, MasterCard, American Express and Discover transactions annually, said Friday that it had discovered a possible security breach May 22 and had contacted the Federal Bureau of Investigation as well as the Visa and MasterCard card associations.

"CardSystems immediately began a remediation process to ensure all systems were secure," the company said in a statement. "Additionally, CardSystems immediately engaged an independent third party to validate systems security."

However, it was a Friday announcement by MasterCard International that revealed 40 million cards were at possible risk including 13.9 million MasterCard-branded cards. According to MasterCard, its security team detected the breach and has directed CardSystems to come into compliance with the firm's security requirements.

CardSystems chief executive John M. Perry told the Times and the AP that about 200,000 records across all card issuers were confirmed as stolen and that the data were being stored by his company without authorization and in violation of the credit card issuers' rules. He said the records were kept for research but that the practice was immediately discontinued. Transactional records include name, account number, expiration date and security code.

MasterCard told the press that 68,000 of its card accounts were identified as high risk because the data were exported from CardSystems.

Even before this breach was revealed, legislators were on their way to crafting several federal bills on data security and identity theft. The U.S. Senate Committee on Commerce, Science & Transportation considered legislative options at a hearing on those topics June 16.

With a potential 40 million cardholders at risk, the CardSystems breach is seemingly the largest that has been made public, though others have included CitiFinancial with 3.9 million customers at risk. Other breaches this year have included data provider ChoicePoint with 145,000 consumers notified of a breach and LexisNexis with 312,000.

Kristen Bremner covers list news, insert media, privacy and fundraising for DM News and To keep up with the latest developments in these areas, subscribe to our daily and weekly e-mail newsletters by visiting


Next Article in Marketing Strategy

Sign up to our newsletters

Company of the Week

Since 1985, Melissa has helped thousands of companies clean, correct and complete contact data to better target and communicate with their customers. We offer a full spectrum of data quality solutions, including global address, phone, email, and name validation, identify verification - available for batch or real-time processes, in the Cloud or on-premise. Our service bureau provides dedupe, email/phone append and geographic/demographic append services for better targeting and insight. For direct mailers, Melissa offers easy-to-use address management/postal software, list hygiene services and 100s of specialty mailing lists - all with competitive pricing and excellent customer service.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above