Network security specialists say that MasterCard, a major payment card operator, has suffered a data breach that exposes the personal information and card numbers of thousands of users, mainly residents of Germany; the company is investigating the incident and notifying affected customers.
Although the company remains airtight respect
for this incident, some details have gradually been leaked, so it is now
possible to claim that data from 90,000 members of the ‘Priceless Specials’
bonus program is exposed on the Internet since last Monday.
Listed in an Excel file, usernames and email
addresses appeared, in addition to the first two and last four digit devices of
MasterCard cards. In some cases, the address and phone number of the affected
customers even are included. In addition to this Excel document, another list
circulates that includes the full card numbers; according to network security
experts, it is even possible to find the data of the owners of these cards by
comparing both lists.
The company reportedly began sending a message
signed by a spokesperson to affected users on Thursday night. In the message,
it is stated that “For MasterCard the security and protection of users’
personal data is a very serious matter; we are doing everything we can to
determine the causes of this incident and to resolve any security flaws that
are found. We’re sorry for the inconvenience caused,” the email says.
Last Monday night, MasterCard revealed that the
‘Priceless Specials’ rewards program platform would be temporarily shut down as
a security measure and as part of an internal investigation for a possible
third-party intrusion. The company noted that these measures would not affect
any of its payment systems.
Unsurprisingly, The MasterCard message was not
very well received by affected users, who now wonder what will happen to their
personal information. “More than an apology, I expect some compensation
for the damage this incident may cause,” one of the affected users said in
an interview with an online news platform.
Another of the victims revealed their plans to file a complaint with the Federal Data Protection and Freedom of Information Commission in Hesse State, Germany. According to network security experts, even if users lock their card for security, there are still risks arising from the leak of personal information, so the danger is not yet over.
Network security specialists from the International Institute of Cyber Security (IICS) recommend affected users report their potentially affected cards to prevent threat actors from using them. Luckily, multiple e-commerce companies request more data to verify a person’s identity before authorizing a transaction, which slightly reduces the impact of the incident. The investigation is still ongoing, but this could only be the beginning of problems for MasterCard. Because a large amount of personal data has been involved in this incident, the company could now face severe penalties for non-compliance with data protection rules in force in the European Union, mainly the General Data Protection Regulation (GDPR).