Massive Credit Card Breach Was On Data That Wasn't Supposed To Exist

from the who-can-we-blame? dept

Late Friday afternoon, MasterCard released the news about how potentially 40 million credit card holders were at risk of having their data stolen, after discovering a hacker had placed a trojan on the computers of a credit card processing company. That was scary enough, but as the details continued to come out over the weekend, the situation just seemed to get worse and worse. Jeremy Wagstaff notes that the processor in question, CardSystems, apparently knew about the breach for nearly a month but claimed they didn’t say anything because the FBI asked them not to — a charge that the FBI denies. Then comes the best part. The NY Times reports that CardSystems wasn’t even supposed to have this data. The company processes credit card transactions, but isn’t supposed to keep records of the transactions, as per agreements it signed with Visa and MasterCard. However, these days, when it seems to be common practice to play fast and loose with other people’s data, CardSystems hung onto all the data, for its own “research” purposes. It looks like those research purposes just caused plenty of problems for an awful lot of people.

Comments on “Massive Credit Card Breach Was On Data That Wasn't Supposed To Exist”

Precision Blogger says:

Security by voluntary compliance

What’s REALLY interesting is that the banks make security policy and then trust the processing companies to follow it. These records might not have existed if the banks had been actively auditing the processing companies instead of telling them what they were supposed to do and leaving it at that.
– Precision Blogger
