Visa and MasterCard could be victims of "massive" data breach

The two biggest credit card firms, Visa and MasterCard, are reportedly the victims of a huge data breach. KrebsonSecurity.com reports that the breach happened at a US-based processor for the two companies and may involve as many as 10 million credit card numbers being exposed.

The story says that the breach happened sometime between January 21st and February 25th but Visa and MasterCard only started alerting banks to the breach in a non-public alert last week. The amount of information that was taken as a result of this incident is said to be enough for others to make counterfeit credit cards.

The story does not name the processor that was the subject of the credit card data leak. However, it adds that according to two unnamed financial organizations, the transactions made by the affected cards seems to show that they were used in New York City in parking garages.

While Visa has not yet issued an official statement, The Wall Street Journal reports that MasterCard has admitted that a "possible" breach has occurred and is working with law enforcement groups and an independent security firm to investigate the matter. It added that "MasterCard's own systems have not been compromised in any manner", but would not comment on how many cards might be affected.

Report a problem with article
Previous Story

Email more popular than social networking in India

Next Story

Nokia launches Lumia Challenge campaign

16 Comments

Commenting is disabled on this article.

even though its a prepaid card, it still has a Visa or Mastercard logo on it and uses a credit card number, so I'm sure information on prepaid cards was leaked as well. i don't think one would even be able to distinguish what information is that of a real credit card or that of a prepaid card.

alot of jobs are now forcing their employees to either go direct deposit otherwise you get a prepaid card.

Good thing I just use a prepaid visa card. No impact to my credit if it gets stolen and also I only load it up with enough to buy one thing... not much else more... then I buy it and that's it. The card has nothing on it.

remixedcat said,
Good thing I just use a prepaid visa card. No impact to my credit if it gets stolen and also I only load it up with enough to buy one thing... not much else more... then I buy it and that's it. The card has nothing on it.

What companies still give that option?

Why this information is not super-duper encrypted is beyond me... the funny thing is I'm annoyed that there might be a possibility that cards I could use for subscription services could require me to change all the information.

Thank goodness for credit cards as a buffer... inconvenience rather than complete loss of finances... but still bad-bad Visa and Master card corps. I hope the government is already about to chime in... Heck, they did it with Sony, which is small beams compared to the arguably largest or most known credit establishments in the states if not the world... ::sigh::

and then people wonder why other people don't trust the banks that they deposit their money into and rely on to handle bill payment transactions such as rent, mortgage, or their car payments and insurance. i can barely trust our own government and i'm trying to express trust with PNC after years of hatred with BOA ...

Damn, I have a mastercard debit card. I would go get a new one and have my number changed, but I'd rather someone take money from my account, so I can sue the bank like everyone else and get millions instead of my original amount back.

That is what I am supposed to do, right?

Zappa859 said,
Damn, I have a mastercard debit card. I would go get a new one and have my number changed, but I'd rather someone take money from my account, so I can sue the bank like everyone else and get millions instead of my original amount back.

That is what I am supposed to do, right?


I'm glad people understand how life works nowadays :-)

warwagon said,
Does this effect Debit cards or just credit cards?

Well both I guess as credit card numbers are credit card numbers. Only difference is if it's your money or the banks money

WTF. I think any company that deals with finances as it's primary business function should be required BY LAW to disclose when there has been data theft. Staying quiet is going to help no one.

Lexcyn said,
WTF. I think any company that deals with finances as it's primary business function should be required BY LAW to disclose when there has been data theft. Staying quiet is going to help no one.

Oh the company that was breached would rather stay quiet about it as long as possible. They think it helps them of course.

Lexcyn said,
WTF. I think any company that deals with finances as it's primary business function should be required BY LAW to disclose when there has been data theft. Staying quiet is going to help no one.

I think they are, within 90 days of the attack.