The names, banks and account numbers of up to 40 million credit card holders may have been accessed by an unauthorized user, MasterCard International said.
The credit-card giant said on Friday the security breach involves a computer virus that captured customer data for the purpose of fraud and may have affected holders of all brands of credit cards.
It said the breach was traced to Atlanta-based CardSystems Solutions, which processes credit card and other payments for banks and merchants.
The compromised data did not include addresses or Social Security numbers, said MasterCard spokeswoman Sharon Gamsin. The data that may have been viewed -- names, banks and account numbers -- could be used to steal funds but not identities.
Gamsin said she did not know how a virus-like computer script that captured customer data got into CardSystems' network, which MasterCard said was infiltrated by an unauthorized individual. Neither company would elaborate.
The FBI was investigating.
The incident was the latest in a series of security breaches affecting valuable consumer data at major financial institutions and data brokers in an increasingly database-driven world.
The breach appears to be the largest yet involving financial data, said David Sobel, general counsel at the Electronic Privacy Information Center.
``The steady stream of these disclosures shows the pressing need for regulation of the industry both in terms of limitation in the amount of personal information that companies collect and also liability when these kinds of disclosures occur,'' Sobel said.
A flurry of disclosures of breaches affecting high-profile companies including Citigroup Inc., Bank of America Corp and DSW Shoe Warehouse has prompted US federal lawmakers to draw up legislation designed to better protect consumer privacy.
MasterCard, which said about 14 million of its own cards were exposed, first announced the breach in a news release on Friday afternoon, saying it was notifying its card-issuing banks of the problem.
However, CardSystems said late on Friday in a statement vetted by the FBI that it first learned of a potential breach on May 22. It said it was told by the FBI not to release any information to the public.
The company said it was surprised by MasterCard's decision to go public.
"We were absolutely blindsided by a press release by the association," CardSystems' chief financial officer, Michael Brady, said when reached on his mobile phone.
He refused to answer any questions and referred calls to the company's chief executive, John Perry, and its senior vice president of marketing, Bill Reeves.
Reeves said the information the company gathered initially was "on a need-to-know basis."
He said he could not comment beyond the company's statement, but noted that CardSystems is implementing increased security measures.
"I understand and fully appreciate the seriousness of the situation," Reeves said.
Sobel said the fact that the latest breach involved a third party "indicates that this is a shadowy industry where the consumer never really knows who is going to be handling and using their personal information."
RETHINK? The defense ministry and Navy Command Headquarters could take over the indigenous submarine project and change its production timeline, a source said Admiral Huang Shu-kuang’s (黃曙光) resignation as head of the Indigenous Submarine Program and as a member of the National Security Council could affect the production of submarines, a source said yesterday. Huang in a statement last night said he had decided to resign due to national security concerns while expressing the hope that it would put a stop to political wrangling that only undermines the advancement of the nation’s defense capabilities. Taiwan People’s Party Legislator Vivian Huang (黃珊珊) yesterday said that the admiral, her older brother, felt it was time for him to step down and that he had completed what he
Taiwan has experienced its most significant improvement in the QS World University Rankings by Subject, data provided on Sunday by international higher education analyst Quacquarelli Symonds (QS) showed. Compared with last year’s edition of the rankings, which measure academic excellence and influence, Taiwanese universities made great improvements in the H Index metric, which evaluates research productivity and its impact, with a notable 30 percent increase overall, QS said. Taiwanese universities also made notable progress in the Citations per Paper metric, which measures the impact of research, achieving a 13 percent increase. Taiwanese universities gained 10 percent in Academic Reputation, but declined 18 percent
CHINA REACTS: The patrol and reconnaissance plane ‘transited the Taiwan Strait in international airspace,’ the 7th Fleet said, while Taipei said it saw nothing unusual The US 7th Fleet yesterday said that a US Navy P-8A Poseidon flew through the Taiwan Strait, a day after US and Chinese defense heads held their first talks since November 2022 in an effort to reduce regional tensions. The patrol and reconnaissance plane “transited the Taiwan Strait in international airspace,” the 7th Fleet said in a news release. “By operating within the Taiwan Strait in accordance with international law, the United States upholds the navigational rights and freedoms of all nations.” In a separate statement, the Ministry of National Defense said that it monitored nearby waters and airspace as the aircraft
UNDER DISCUSSION: The combatant command would integrate fast attack boat and anti-ship missile groups to defend waters closest to the coastline, a source said The military could establish a new combatant command as early as 2026, which would be tasked with defending Taiwan’s territorial waters 24 nautical miles (44.4km) from the nation’s coastline, a source familiar with the matter said yesterday. The new command, which would fall under the Naval Command Headquarters, would be led by a vice admiral and integrate existing fast attack boat and anti-ship missile groups, along with the Naval Maritime Surveillance and Reconnaissance Command, said the source, who asked to remain anonymous. It could be launched by 2026, but details are being discussed and no final timetable has been announced, the source