Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Breach Exposes 40M Credit Cards

Posted by Zonk on from the consider-the-planet-hacked dept.

The Good Reverend writes "MasterCard International announced today that a security breach at CardSystems Solutions, a third party processor of payment card data, potentially exposed more than 40 million cards. Mastercard is aware of the specific card numbers affected, and is giving its member financial institutions the numbers that may have been compromised. Unlike many of the past high profile cases this one involves a hacker rather than lost packages. CNN Money, the New York Times, Reuters, MSNBC, ZDNet, C|Net, and the Washington Post are also covering the story."

6 of 304 comments (clear)

  1. Proves that the hackers... by bpuli · · Score: 5, Insightful

    will always exploit the weakest link in the chain. MasterCard itself might have the best security but what about all the systems downstream? Wonder how many more of these transactions processors have been compromised and don't even know it yet.

    --
    BP http://www.card-central.com
    1. Re:Proves that the hackers... by Ian+Jefferies · · Score: 5, Funny

      Just wait for the spam social engineering angle to kick in:

      "Just enter your credit card details into this site to see if your credit card number was one of those stolen"

      (Answer: not until 5 seconds ago)

      --
      A physicist is an atom's way of thinking about atoms
    2. Re:Proves that the hackers... by Anonymous Coward · · Score: 5, Informative

      Have to agree here. I work for a large mailing house company which processes client data and sends out bank statements and tax details and all sorts of other private information.

      Having a in depth security background, I can safely say that the security of this place is shocking. The guys handling this sensitive data are just kids straight out of uni. The banks etc themselves can go to great lengths to protect their clients data, but then they outsource to 3rd parties and hand over all their data to be processed.

      Posting anonymously for obvious reasons.

  2. My Card? by valjean78 · · Score: 5, Funny

    Is there a form somewhere that I can enter my credit card information to check if my cc number has been comprimised? :p

  3. This is simply the price of outsourcing. by 0xdeaddead · · Score: 5, Interesting
    See in the banking industry we run these "penetration scans" all the time, that are TOTALY WORTHLESS. I cannot emphasize this enough, that running the weakest setup possbile will pass their "tests" with flying colours. The people doing these tests (Some certified security specialists!) Think that firewalls are magical devices that know how to stop the pesky hackers. Bottom line is that people are involved, they are out of their element, and simply placeholders. Management in general needs to get out of this "placerholder" mentality when it comes to jobs, and just fire people that are not doing their jobs.

    Ok enough ranting, but trust me, in the late 90s banks were trying to outsource as many things as possible from customer service, to invoicing, bills, credit collections, applications and so on. As you can see when the "Credit card company" becomes nothing more than a brand, and a board of execs, everything is out of their control, not to mention every peice of the old credit empire is open for attack.....

    If anything the question is why did it take so long to find them?!

  4. There are some numbers hackers can't steal. by game+kid · · Score: 5, Funny

    there are some numbers hackers can't steal

    for everything else there's MasterCard

    (Accepted all over, even if it's not yours.)

    --
    You can hold down the "B" button for continuous firing.