Reports: Breached Data Were Stored Without Authorization

Share this article:
Unauthorized storage of credit and debit card transaction data led to a security breach at third-party credit and debit card processing firm CardSystems Solutions Inc. that potentially exposed 40 million cardholders to risk, according to a report in The New York Times yesterday and The Associated Press.


CardSystems, Tucson, AZ, which claims to process $15 billion in Visa, MasterCard, American Express and Discover transactions annually, said Friday that it had discovered a possible security breach May 22 and had contacted the Federal Bureau of Investigation as well as the Visa and MasterCard card associations.


"CardSystems immediately began a remediation process to ensure all systems were secure," the company said in a statement. "Additionally, CardSystems immediately engaged an independent third party to validate systems security."


However, it was a Friday announcement by MasterCard International that revealed 40 million cards were at possible risk including 13.9 million MasterCard-branded cards. According to MasterCard, its security team detected the breach and has directed CardSystems to come into compliance with the firm's security requirements.


CardSystems chief executive John M. Perry told the Times and the AP that about 200,000 records across all card issuers were confirmed as stolen and that the data were being stored by his company without authorization and in violation of the credit card issuers' rules. He said the records were kept for research but that the practice was immediately discontinued. Transactional records include name, account number, expiration date and security code.


MasterCard told the press that 68,000 of its card accounts were identified as high risk because the data were exported from CardSystems.


Even before this breach was revealed, legislators were on their way to crafting several federal bills on data security and identity theft. The U.S. Senate Committee on Commerce, Science & Transportation considered legislative options at a hearing on those topics June 16.


With a potential 40 million cardholders at risk, the CardSystems breach is seemingly the largest that has been made public, though others have included CitiFinancial with 3.9 million customers at risk. Other breaches this year have included data provider ChoicePoint with 145,000 consumers notified of a breach and LexisNexis with 312,000.


Kristen Bremner covers list news, insert media, privacy and fundraising for DM News and DMNews.com. To keep up with the latest developments in these areas, subscribe to our daily and weekly e-mail newsletters by visiting www.dmnews.com/newsletters


Share this article:
You must be a registered member of Direct Marketing News to post a comment.

Sign up to our newsletters

Follow us on Twitter @dmnews

Latest Jobs:

More in News

DMA 2014 Kicks Off Under New Management

DMA 2014 Kicks Off Under New Management

Thomas Benton and Jane Berzan will preside over an event indicative of an association serving a wider array of industry segments.

De Quinto Tapped as Coke's Next CMO

De Quinto Tapped as Coke's Next CMO

The president of the company's Iberia Business Unit will take over from Joe Tripodi upon his retirement in February.

Customer Centricity Is Spurring Marketing-Tech Investments

Customer Centricity Is Spurring Marketing-Tech Investments

A majority of marketers rank customer satisfaction improvements as paramount in the technology investment decisions.

Copyright © 2014 Haymarket Media, Inc. All Rights Reserved
This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.
Your use of this website constitutes acceptance of Haymarket Media's Privacy Policy and Terms & Conditions.