MasterCard yesterday warned of a security breach at Tuscon, AZ-based CardSystems that dwarfs recent reports of financial data loss. The company is reporting that information on up to 40 million credit cards may have been exposed at the third-party credit card payment processor, 13.9 million of those belonging to MasterCard customers.

CardSystems processes over "$15 billion in Visa, MasterCard, American Express, Discover, on-line debit and EBT transactions annually", according to the company's website.

The breach was discovered, in part, by fraud protection mechanisms employed by MasterCard, according to a statement. The companies then traced the problem to vulnerabilities within CardSystems' network, which allowed an unauthorized person to gain access to card-holder data. In a differing account, CardSystems does not make mention of MasterCard's involvement, but says that the breach occurred on May 22, 2005. On the following day, the company contacted the FBI.

http://www.enterpriseitplanet.com/security/news/article.php/3513806

And finally, states are taking action... until recently, only the state of California had laws in place that require institutions to disclose sensitive information breaches to their customers. As of June 20 of this year, 35 states have similar laws in place. You can find the complete list with a summary of the laws here (http://www.ncsl.org/programs/lis/CIP/priv/breach.htm).

Such a shame that Intmon didn't look at the second thread posted in the spiffy new Security News Forum..... Oops (http://www.antionline.com/showthread.php?s=&postid=845533#post845533) .... ;)

Doh! My bad Tiger Shark, sorry.

intmon, :o