As you probably know by know, MasterCard reported a breach in its security on Friday, and credit card issuers still don’t know for sure which customer accounts were affected.
Over 40 million accounts were exposed in the breach. Data was stolen from about 200,000 accounts. Card issuers are waiting to hear from MasterCard about which accounts have been jeopardized.
“Working with all parties, including issuing banks, acquiring banks, the processor and law enforcement, MasterCard immediately launched an investigation into the breach, and worked with CardSystems to remediate the security vulnerabilities in the processor’s systems,” MasterCard said. “These vulnerabilities allowed an unauthorized individual to infiltrate their network and access the cardholder data.”
People are itching to know what software let this security breach happen. Many suspect that it was Microsoft Windows. Joris Evers of Silicon.com writes,
Online discussion boards, meanwhile, are abuzz about which vulnerable software CardSystems may have been running. The data processor’s website runs on Microsoft’s Windows 2000 operating system and IIS Server 5.0, which has fuelled speculation that its other set-ups may also be Microsoft-based.
CardSystems said in a statement on Friday that it had identified a “potential security incident” on Sunday, 22 May, and called in the FBI the next day. Visa and MasterCard were also contacted, the company said. MasterCard went public with the CardSystems’ breach on Friday after it had identified all the affected accounts, the spokeswoman said.
“Consumers should wait for notice from the bank,” said the U.S. Public Interest Research Group’s consumer program director Edmund Mierzwinski. “In the interim, if consumers have the ability to check credit and checking accounts online they should do that and if not, they should open and review their statements very carefully the next couple of months.”
No one at CardSystems is commenting on the security breach, but an FBI investigation is in progress. The data that was jeopardized included names, account numbers and verification codes.
Chris is a staff writer for Murdok. Visit Murdok for the latest ebusiness news.