Network security specialists say that MasterCard, a major payment card operator, has suffered a data breach that exposes the personal information and card numbers of thousands of users, mainly residents of Germany; the company is investigating the incident and notifying affected customers.
Although the company remains airtight respect for this incident, some details have gradually been leaked, so it is now possible to claim that data from 90,000 members of the ‘Priceless Specials’ bonus program is exposed on the Internet since last Monday.
Listed in an Excel file, usernames and email addresses appeared, in addition to the first two and last four digit devices of MasterCard cards. In some cases, the address and phone number of the affected customers even are included. In addition to this Excel document, another list circulates that includes the full card numbers; according to network security experts, it is even possible to find the data of the owners of these cards by comparing both lists.
The company reportedly began sending a message signed by a spokesperson to affected users on Thursday night. In the message, it is stated that “For MasterCard the security and protection of users’ personal data is a very serious matter; we are doing everything we can to determine the causes of this incident and to resolve any security flaws that are found. We’re sorry for the inconvenience caused,” the email says.
Last Monday night, MasterCard revealed that the ‘Priceless Specials’ rewards program platform would be temporarily shut down as a security measure and as part of an internal investigation for a possible third-party intrusion. The company noted that these measures would not affect any of its payment systems.
Unsurprisingly, The MasterCard message was not very well received by affected users, who now wonder what will happen to their personal information. “More than an apology, I expect some compensation for the damage this incident may cause,” one of the affected users said in an interview with an online news platform.
Another of the victims revealed their plans to file a complaint with the Federal Data Protection and Freedom of Information Commission in Hesse State, Germany. According to network security experts, even if users lock their card for security, there are still risks arising from the leak of personal information, so the danger is not yet over.
Network security specialists from the International Institute of Cyber Security (IICS) recommend affected users report their potentially affected cards to prevent threat actors from using them. Luckily, multiple e-commerce companies request more data to verify a person’s identity before authorizing a transaction, which slightly reduces the impact of the incident. The investigation is still ongoing, but this could only be the beginning of problems for MasterCard. Because a large amount of personal data has been involved in this incident, the company could now face severe penalties for non-compliance with data protection rules in force in the European Union, mainly the General Data Protection Regulation (GDPR).
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.