Huge security breach of credit card user data

As MasterCard International reported in a press release yesterday, a huge breach of security was detected at a third-party processor of payment card data. According to this, as many as 40 mio credit cards were potentially exposed to fraud, of which about 14 mio are MasterCard branded cards. (See further reports by CNN here and BusinessWeek here). Apparently the data potentially compromised include names of cardholders and banks, and account numbers, but no addresses or Social Security numbers. American Express card holders are also affected, Visa did not yet comment.
The company that processed the data, CardSystems Solutions, Inc., sounded very apologetic in a press release (pdf):

“We understand and fully appreciate the seriousness of the situation. Our customers and their customers are our lifeblood. We are sparing no effort to get to the bottom of this matter. Our goal is to cooperate fully with the FBI to complete the investigation and ensure that we do nothing that might compromise the investigation.”

Apparently the data were compromised through a virus-like computer script that infiltrated the company's network and captured customer data.

This is only the latest incident in a series of similar breaches of data security to take place in financial institutions such as ChoicePoint, Bank of America, LexisNexis, and Retail Ventures. And that are only the ones this blog reported about in the last four months… I will this time not repeat my musings about whether this will trigger legislative reactions. Let's just say: watch this space!