40 Million CC Accounts Compromised

Thread: 40 Million CC Accounts Compromised

  1. #1
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197

    40 Million CC Accounts Compromised

    Source

    NEW YORK - The names, banks and account numbers of up to 40 million credit card holders may have been accessed by an unauthorized user, MasterCard International Inc. said Friday. The credit card giant said the security breach involves a computer virus that captured customer data for the purpose of fraud and may have affected holders of all brands of credit cards.
    The crux of the issue is that the breach may be used for theft of funds but not, thankfully, ID theft.

    I find it interesting that the FBI told the company that actually lost the data to be quiet but Mastercard itself went public.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  2. #2
    Senior Member
    Join Date
    Dec 2004
    Posts
    320

    update

    Ok, just bringing the dead thread back because there is an update on the story.
    FTC and Card systems settle

    From the article:
    The proposed settlement requires the privately owned company to adopt stricter security measures and to have an independent audit every other year for the next 20 years.

    CardSystems faces potential liability for millions of dollars in private lawsuits for losses, the FTC said.
    Can anyone recall how the card numbers were stolen? Wasn't their system unencrypted or something?
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare

  3. #3
    Banned
    Join Date
    Jul 2004
    Posts
    297
    I believe that's the case where the cc employee had their laptop stolen and hadn't been following company policy by encrypting the files.

  4. #4
    Member
    Join Date
    Feb 2006
    Posts
    33
    Update

    Another update today from TheRegister.

    It looks like they didn't use encryption for their database and they never used strong passwords, if any at all.

  5. #5
    Junior Member
    Join Date
    Sep 2005
    Posts
    4
    Another one of those "Oh, it'll never happen to us!"

  6. #6
    AO Senior Cow-beller
    Moderator
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    The proposed settlement requires the privately owned company to adopt stricter security measures and to have an independent audit every other year for the next 20 years.

    CardSystems faces potential liability for millions of dollars in private lawsuits for losses, the FTC said.
    That's not very strict. The PCI DSS dictates much more frequent audits and technical vulnerability assessments. Unless this independent audit is more of a "bend over and say 'Ah'" sort of affair, outside of the normal PCI requirements. In which case, I *still* don't think it's enough.

    dmorgan, I believe the issue was CardSystems was keeping cardholder information for some data analysis/warehousing work. #1 they did so in violation of the agreement with Visa (who, let's face it, IS the Payment Card Industry), and #2 they did not have safe data storage and management practices around this unauthorized data.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
