Stolen MasterCard "High Risk" Accounts Total Estimated At 68,000 (Out of 40M)
American Express and Others Have Been Jeopardized Too

When MasterCard's forensic people went in to investigate the security breach that affected nearly 14M MasterCard accounts this week, they were able right away to find a file that with 100% certainty had 68,000 account numbers exported from its system. These accounts are considered "especially at risk."

In what might amount to one of the largest data heists ever, MasterCard believes up to 40 million cardholders of such credit card brands as MasterCard, American Express and others have been jeopardized in a massive theft at third-party credit card processor CardSystems Solutions Inc.

The breach compromised account holder names, banks and account numbers.

The MasterCard disclosure adds fuel to a growing uproar among privacy rights experts and government regulators who fear that Americans are increasingly threatened by identity theft and other privacy violations due to sloppy or inadequate data privacy and data security practices.

Earlier this week, the U.S. Senate debated different approaches to dealing with the problem. In the meantime, more and more states are following the lead of California, whose groundbreaking information privacy act called SB1386 mandates that all potential privacy breaches be publicly disclosed to those affected.

"The MasterCard incident represents only the tip of the iceberg of what has become a global identity theft epidemic," said Jim Stickley, internationally respected security expert, cofounder and CTO for TraceSecurity. He continued:

"Most Americans don't realize how poorly their private financial information can be protected. Oftentimes their information is stored on computer hard disks and tapes by the numerous trustees of this data -- including banks, brokerages, insurance companies, credit card companies, mortgage companies and credit rating agencies. Unfortunately, even when the original trustees of the data incorporate proper security precautions, the data is then sent out to third party vendors who do not incorporate the same strict security standards."

"Oftentimes these organizations implement archaic data privacy practices that haven't kept pace with rapid technological changes or with the evolving threats. Another concerning factor is the lack of encryption which, though available, is rarely used for data storage. For example, most corporate data is stored on computer hard disks or tape drives in clear plain text, unencrypted, which means that unauthorized persons can easily access the data. In today's case, a rogue computer virus or worm apparently stole the data. If that data had been encrypted, we wouldn't have 40 million people losing sleep tonight wondering if their credit card information was violated."

Stickley believes it's time for the federal government to do more.

"The time has come for government regulators to step in and mandate more responsible data protection practices," added Stickley. "California's disclosure rule has been a great first step, and should become a model for national law. But the government needs to go further. The next step is to mandate better data protection practices. Data encryption is an important and necessary start, but it's not the total solution. The biggest problem we see is related to the human element of the security equation. Employees at these companies require, and should be entitled to receive, continuous education about policies and procedures that can prevent such massive thefts from occurring in the first place."

Stickley, in a moment of levity, suggests MasterCard adopt the following new marketing campaign that would appeal to the growing hordes of computer criminals around the world:

"New Computer: $1,100.00 ... An Internet guidebook to writing computer viruses: free ... Easily stealing 40 million credit card accounts: priceless."

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes it for easy assimilation by busy IT managers and staff.

Reader Feedback:

I can't imagine how something like this is still able to happen! I have been working at a credit union http://www.creditunionofsc.org for years and just assume by now that organizations are taking the proper steps to protect confidential information. How soon till we see the lawsuit?



