Digital Edition

SYS-CON.TV
Stolen MasterCard "High Risk" Accounts Total Estimated At 68,000 (Out of 40M)
American Express and Others Have Been Jeopardized Too

When MasterCard's forensic people went in to investigate the security breach that affected nearly 14M MasterCard accounts this week, they were able right away to find a file that with 100% certainty had 68,000 account numbers exported from its system. These accounts are considered "especially at risk."

In what might amount to one of the largest data heists ever, MasterCard believes up to 40 million cardholders of such credit card brands as MasterCard, American Express and others have been jeopardized in a massive theft at third party credit card processor, CardSystems Solutions Inc.

The breach compromised account holder names, banks and account numbers.

The MasterCard disclosure adds fuel to a growing uproar among privacy rights experts and government regulators who fear that Americans are increasingly threatened by identity theft and other privacy violations due to sloppy or inadequate data privacy and data security practices.

Earlier this week, the U.S. Senate debated different approaches to dealing with the problem. In the meantime, more and more states are following the lead of California, whose groundbreaking information privacy act called SB1386 mandates that all potential privacy breaches be publicly disclosed to those affected.

"The MasterCard incident represents only the tip of the iceberg of what has become a global identity theft epidemic," said Jim Stickley (pictured), internationally respected security expert, cofounder and CTO for TraceSecurity. He continued:

"Most Americans don't realize how poorly their private financial information can be protected. Often times their information is stored on computer hard disks and tapes by the numerous trustees of this data -- including banks, brokerages, insurance companies, credit card companies, mortgage companies and credit rating agencies. Unfortunately, even when the original trustees of the data incorporate proper security precations, the data is then sent out to third party vendors who do not incorporate the same strict security standards."
"Often times these organizations implement archaic data privacy practices that haven't kept pace with rapid technological changes or with the evolving threats. Another concerning factor is the lack of encryption which though available, is rarely used for data storage. For example, most corporate data is stored on computer hard disks or tape drives in clear plain text, unencrypted, which means that unauthorized persons can easily access the data. In today's case, a rogue computer virus or worm apparently stole the data. If that data had been encrypted, we wouldn't have 40 million people losing sleep tonight wondering if their credit card information was violated."

Stickley believes it's time for the federal government to do more.

"The time has come for government regulators to step in and mandate more responsible data protection practices," added Stickley. "California's disclosure rule has been a great first step, and should become a model for national law. But the government needs to go further. The next step is to mandate better data protection practices. Data encryption is an important and necessary start, but it's not the total solution. The biggest problems we see is related to the human element of the security equation. Employees at these companies require, and should be entitled to receive, continuous education about policies and procedures that can prevent such massive thefts from occurring in the first place."

Stickley, in a moment of levity, suggests MasterCard adopt the following new marketing campaign that would appeal to the growing hoards of computer criminals around the world:

"New Computer: $1,100.00 ... An Internet guidebook to writing computer viruses: free ... Easily stealing 40 million credit card accounts: priceless."

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

I can't imagine how something like this is stil able to happen! I have been working at a credit union http://www.creditunionofsc.org for years and just assume by now that organizations are taking the proper steps to protect confidnetial information. How soon till we see the Law Suit?




ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are rep...
Serveless Architectures brings the ability to independently scale, deploy and heal based on workload...
Technological progress can be expressed as layers of abstraction - higher layers are built on top of...
When building large, cloud-based applications that operate at a high scale, it’s important to mainta...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it wil...
Having been in the web hosting industry since 2002, dhosting has gained a great deal of experience w...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the m...
Big Switch's mission is to disrupt the status quo of networking with order of magnitude improvements...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the c...
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical ...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, disc...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Ser...
NanoVMs is the only production ready unikernel infrastructure solution on the market today. Unikerne...
SUSE is a German-based, multinational, open-source software company that develops and sells Linux pr...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (No...
All in Mobile is a mobile app agency that helps enterprise companies and next generation startups bu...
Dynatrace is an application performance management software company with products for the informatio...
Yottabyte is a software-defined data center (SDDC) company headquartered in Bloomfield Township, Oak...
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in developm...