Stolen MasterCard "High Risk" Accounts Total Estimated At 68,000 (Out of 40M)
American Express and Others Have Been Jeopardized Too

When MasterCard's forensic people went in to investigate the security breach that affected nearly 14M MasterCard accounts this week, they immediately found a file that, with 100% certainty, contained 68,000 account numbers exported from its system. These accounts are considered "especially at risk."

In what might amount to one of the largest data heists ever, MasterCard believes up to 40 million cardholders of such credit card brands as MasterCard, American Express and others have been jeopardized in a massive theft at third-party credit card processor CardSystems Solutions Inc.

The breach compromised account holder names, banks and account numbers.

The MasterCard disclosure adds fuel to a growing uproar among privacy rights experts and government regulators who fear that Americans are increasingly threatened by identity theft and other privacy violations due to sloppy or inadequate data privacy and data security practices.

Earlier this week, the U.S. Senate debated different approaches to dealing with the problem. In the meantime, more and more states are following the lead of California, whose groundbreaking information privacy act called SB1386 mandates that all potential privacy breaches be publicly disclosed to those affected.

"The MasterCard incident represents only the tip of the iceberg of what has become a global identity theft epidemic," said Jim Stickley, internationally respected security expert, cofounder and CTO for TraceSecurity. He continued:

"Most Americans don't realize how poorly their private financial information can be protected. Often times their information is stored on computer hard disks and tapes by the numerous trustees of this data -- including banks, brokerages, insurance companies, credit card companies, mortgage companies and credit rating agencies. Unfortunately, even when the original trustees of the data incorporate proper security precautions, the data is then sent out to third party vendors who do not incorporate the same strict security standards."
"Often times these organizations implement archaic data privacy practices that haven't kept pace with rapid technological changes or with the evolving threats. Another concerning factor is the lack of encryption, which, though available, is rarely used for data storage. For example, most corporate data is stored on computer hard disks or tape drives in clear plain text, unencrypted, which means that unauthorized persons can easily access the data. In today's case, a rogue computer virus or worm apparently stole the data. If that data had been encrypted, we wouldn't have 40 million people losing sleep tonight wondering if their credit card information was violated."

Stickley believes it's time for the federal government to do more.

"The time has come for government regulators to step in and mandate more responsible data protection practices," added Stickley. "California's disclosure rule has been a great first step, and should become a model for national law. But the government needs to go further. The next step is to mandate better data protection practices. Data encryption is an important and necessary start, but it's not the total solution. The biggest problem we see is related to the human element of the security equation. Employees at these companies require, and should be entitled to receive, continuous education about policies and procedures that can prevent such massive thefts from occurring in the first place."

Stickley, in a moment of levity, suggests MasterCard adopt the following new marketing campaign that would appeal to the growing hordes of computer criminals around the world:

"New Computer: $1,100.00 ... An Internet guidebook to writing computer viruses: free ... Easily stealing 40 million credit card accounts: priceless."

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

Reader Feedback

I can't imagine how something like this is still able to happen! I have been working at a credit union http://www.creditunionofsc.org for years and just assume by now that organizations are taking the proper steps to protect confidential information. How soon till we see the lawsuit?



