40,000,000 credit cards exposed - an update
Sharing a quick update on latest discoveries. The primary cause of this exposure is improper storage and use of confidential information on their servers, followed by hackers discovering this due to weak security controls.
1. A new phishing attack
has been launched to capitalize on this http://www.theregister.co.uk/2005/06/20/mastercard_phishing/
|From: Master Bank [firstname.lastname@example.org] To: Subject: **Your Mastercard online Confirmation** Dear User, During our regular update and verification of the accounts, we couldn't verify your current information. Either your information has changed or it is incomplete. If the account information is not updated to current information within 5 days then, your access will be restricted. |
2. According to reports, 68,000 MasterCard cardholders have already found fraudulent charges on their accounts.
3. The head of a credit card processing company whose Tucson center was hit by computer hackers says compromised consumer records shouldn't even have been in the data base. Under rules established by Visa and MasterCard, processors aren't supposed to retain cardholder information after handling transactions.
4. CardSystems Solutions C-E-O John Perry tells The New York Times the data was being stored for "research purposes" to determine why some transactions registered as unauthorized or uncompleted.
5. He says that the records known to have been stolen covered roughly 200-thousand of the 40 (m) million compromised credit card accounts. They include Visa, Mastercard and other companies.