WASHINGTON, June 18: A credit card company has revealed the largest security breach in recent history, reporting that an ‘unauthorized individual’ had infiltrated a computer network earlier in the week and stole up to 40 million credit card numbers.
Although all brands of credit cards were exposed in the attack, about 14 million of the 40 million accounts exposed were MasterCard accounts, a spokeswoman for MasterCard International said on Friday.
The spokeswoman said important personal data, such as social security numbers and birthdays, were not stolen.
MasterCard pinned the blame on CardSystems Solutions and the latter confirmed it had suffered a ‘security incident’ on May 22.
The company’s marketing director said the company had voluntarily reported the theft to the FBI and the credit card association.
In a posting on its web site, CardSystems said it performs transactions for more than 100,000 small companies, _ with more than $15 billion in Visa, MasterCard, American Express and Discover transactions being processed annually.
Visa USA acknowledged in a statement that some of its credit card accounts had also been compromised in the incident. American Express confirmed a small number of its customers were caught up as well.
“Through the use of MasterCard fraud-fighting tools that proactively monitor for fraud, MasterCard was able to identify the processor that was breached,” the company said in its statement.
MasterCard spokeswoman Sharon Gamsin said ‘an unauthorized entity put a specific code into CardSystems’ network’, enabling the person or group to gain access to the data. She wouldn’t say how long attackers had access to CardSystems computers. Vulnerabilities in CardSystems’ computers have now been fixed, she said. Security experts say that usually card thieves are able to make one or two purchases before the cards are cancelled.
The news comes on the heels of several other high-profile data leaks. The Privacy Rights Clearinghouse says about 10 million individuals’ personal data have been lost or stolen since February.
