Digital Edition

SYS-CON.TV
Stolen MasterCard "High Risk" Accounts Total Estimated At 68,000 (Out of 40M)
American Express and Others Have Been Jeopardized Too

When MasterCard's forensic people went in to investigate the security breach that affected nearly 14M MasterCard accounts this week, they were able right away to find a file that with 100% certainty had 68,000 account numbers exported from its system. These accounts are considered "especially at risk."

In what might amount to one of the largest data heists ever, MasterCard believes up to 40 million cardholders of such credit card brands as MasterCard, American Express and others have been jeopardized in a massive theft at third party credit card processor, CardSystems Solutions Inc.

The breach compromised account holder names, banks and account numbers.

The MasterCard disclosure adds fuel to a growing uproar among privacy rights experts and government regulators who fear that Americans are increasingly threatened by identity theft and other privacy violations due to sloppy or inadequate data privacy and data security practices.

Earlier this week, the U.S. Senate debated different approaches to dealing with the problem. In the meantime, more and more states are following the lead of California, whose groundbreaking information privacy act called SB1386 mandates that all potential privacy breaches be publicly disclosed to those affected.

"The MasterCard incident represents only the tip of the iceberg of what has become a global identity theft epidemic," said Jim Stickley (pictured), internationally respected security expert, cofounder and CTO for TraceSecurity. He continued:

"Most Americans don't realize how poorly their private financial information can be protected. Often times their information is stored on computer hard disks and tapes by the numerous trustees of this data -- including banks, brokerages, insurance companies, credit card companies, mortgage companies and credit rating agencies. Unfortunately, even when the original trustees of the data incorporate proper security precations, the data is then sent out to third party vendors who do not incorporate the same strict security standards."
"Often times these organizations implement archaic data privacy practices that haven't kept pace with rapid technological changes or with the evolving threats. Another concerning factor is the lack of encryption which though available, is rarely used for data storage. For example, most corporate data is stored on computer hard disks or tape drives in clear plain text, unencrypted, which means that unauthorized persons can easily access the data. In today's case, a rogue computer virus or worm apparently stole the data. If that data had been encrypted, we wouldn't have 40 million people losing sleep tonight wondering if their credit card information was violated."

Stickley believes it's time for the federal government to do more.

"The time has come for government regulators to step in and mandate more responsible data protection practices," added Stickley. "California's disclosure rule has been a great first step, and should become a model for national law. But the government needs to go further. The next step is to mandate better data protection practices. Data encryption is an important and necessary start, but it's not the total solution. The biggest problems we see is related to the human element of the security equation. Employees at these companies require, and should be entitled to receive, continuous education about policies and procedures that can prevent such massive thefts from occurring in the first place."

Stickley, in a moment of levity, suggests MasterCard adopt the following new marketing campaign that would appeal to the growing hoards of computer criminals around the world:

"New Computer: $1,100.00 ... An Internet guidebook to writing computer viruses: free ... Easily stealing 40 million credit card accounts: priceless."

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

I can't imagine how something like this is stil able to happen! I have been working at a credit union http://www.creditunionofsc.org for years and just assume by now that organizations are taking the proper steps to protect confidnetial information. How soon till we see the Law Suit?




ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

ChatOps is an emerging topic that has led to the wide availability of integrations between group cha...
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting ch...
As Marc Andreessen says software is eating the world. Everything is rapidly moving toward being soft...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know ...
Is advanced scheduling in Kubernetes achievable?Yes, however, how do you properly accommodate every ...
The cloud era has reached the stage where it is no longer a question of whether a company should mig...
The need for greater agility and scalability necessitated the digital transformation in the form of ...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an over...
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and ...
While some developers care passionately about how data centers and clouds are architected, for most,...
"Since we launched LinuxONE we learned a lot from our customers. More than anything what they respon...
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily ...
"As we've gone out into the public cloud we've seen that over time we may have lost a few things - w...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Ser...
Sanjeev Sharma Joins June 5-7, 2018 @DevOpsSummit at @Cloud Expo New York Faculty. Sanjeev Sharma is...
We are given a desktop platform with Java 8 or Java 9 installed and seek to find a way to deploy hig...
"I focus on what we are calling CAST Highlight, which is our SaaS application portfolio analysis too...
"Cloud4U builds software services that help people build DevOps platforms for cloud-based software a...
The question before companies today is not whether to become intelligent, it’s a question of how and...