In what may be the largest reported breach to date, MasterCard International reports that 40 million customer cards may have been exposed to fraud.
Apparently, the breach was detected in May, when a piece of hostile software was discovered on a computer system at Atlanta-based CardSystem Solutions, which processes cards for MasterCard. The data potentially compromised include names, bank names, and account numbers. The spokeswoman for MasterCard, Sharon Gamsin, says that this information could be used to steal funds but not identities. I wonder how she arrived at that conclusion.
The Associated Press wrote that CardSystems was surprised by MasterCard’s decision to go public with the break. “We were absolutely blindsided by a press release by the association,” Michael A. Brady, the company’s CFO, told the AP.
Many people have written that these kinds of breaches have likely been going on for some time, and we are only now becoming aware of them because of the California disclosure law. But I think that attacks like this one at CardSystems are actually increasing because of the quality of hostile software and the increasing connectivity of networked systems.