MasterCard Reports 40 Million Cards May be Compromised

In what may be the largest reported breach to date, MasterCard International reports that 40 million customer cards may have been exposed to fraud.

Details, but not enough, can be found at Mastercard’s press release on the matter, and in the Associated Press article.

Apparently, the breach was detected in May, when a piece of hostile software was discovered on a computer system at Atlanta-based CardSystem Solutions, which processes cards for MasterCard. The data potentially compromised include names, bank names, and account numbers. The spokeswoman for MasterCard, Sharon Gamsin, says that this information could be used to steal funds but not identities. I wonder how she arrived at that conclusion.

The Associated Press wrote that CardSystems was surprised by MasterCard’s decision to go public with the break. “We were absolutely blindsided by a press release by the association,” Michael A. Brady, the company’s CFO, told the AP.

Many people have written that these kinds of breaches have likely been going on for some time, and we are only now becoming aware of them because of the California disclosure law. But I think that attacks like this one at CardSystems are actually increasing because of the quality of hostile software and the increasing connectivity of networked systems.