-
June 18th, 2005, 10:25 AM
#1
40 Million CC Accounts Compromised
Source
NEW YORK - The names, banks and account numbers of up to 40 million credit card holders may have been accessed by an unauthorized user, MasterCard International Inc. said Friday. The credit card giant said the security breach involves a computer virus that captured customer data for the purpose of fraud and may have affected holders of all brands of credit cards.
The crux of the issue is that the breach may be used for theft of funds but not, thankfully, ID theft.
I find it interesting that the FBI told the company that actually lost the data to be quiet but Mastercard itself went public.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
February 26th, 2006, 07:46 AM
#2
update
Ok, just bringing the dead thread back because there is an update on the story.
FTC and Card systems settle
From the article:
The proposed settlement requires the privately owned company to adopt stricter security measures and to have an independent audit every other year for the next 20 years.
CardSystems faces potential liability for millions of dollars in private lawsuits for losses, the FTC said.
Can anyone recall how the card numbers were stolen? Wasn't their system unencrypted or something?
The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
-
February 26th, 2006, 08:52 AM
#3
I believe that's the case where the cc employee had their laptop stolen and hadn't been following company policy by encrypting the files.
-
February 27th, 2006, 03:00 PM
#4
Update
Another update today from TheRegister.
It looks like they didn't use encryption for their database and they never used strong passwords, if any at all.
-
February 27th, 2006, 04:04 PM
#5
Another one of those "Oh, it'll never happen to us!"
-
February 27th, 2006, 04:23 PM
#6
The proposed settlement requires the privately owned company to adopt stricter security measures and to have an independent audit every other year for the next 20 years.
CardSystems faces potential liability for millions of dollars in private lawsuits for losses, the FTC said.
That's not very strict. The PCI DSS dictates much more frequent audits and technical vulnerability assessments. Unless this independent audit is more of a "bend over and say 'Ah'" sort of affair, outside of the normal PCI requirements. In which case, I *still* don't think it's enough.
dmorgan, I believe the issue was CardSystems was keeping cardholder information for some data analysis/warehousing work. #1 they did so in violation of the agreement with Visa (who, let's face it, IS the Payment Card Industry), and #2 they did not have safe data storage and management practices around this unauthorized data.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore